While the camera embedded in Google Glass is obviously a big asset, it’s also a tremendous liability.
Researchers at security research company Lookout say that they found a vulnerability in Glass that would allow hackers to compromise the device using the power of the lowly QR code.
Because Glass doesn’t have a keyboard, it relies on QR codes for typing-heavy actions like connecting to Wi-Fi networks. This created an obvious security hole for Lookout to exploit: By embedding malicious code in QR codes, Lookout said that could force Glass units to silently connect to a hostile WiFi network and siphon their data.
Lookout used the vulnerability to argue a larger point: “Both the vulnerability and its method of delivery are unique to Glass as a consequence of it becoming a connected thing,” Lookout’s Marc Rogers writes.
Discovered in May, the Glass vulnerability has since been patched so that it no longer automatically acts on QR codes while it’s not trying to connect to a Wi-Fi network.
While that’s obviously good news, it’s tough not to feel at least a tad disappointed that the problem has been fixed so soon. The scenario that Lookout describes would have been a perfect political tactic — or even just a practical joke — against people wearing Glass.
Imagine planting a QR code in your T-shirt that would take over a Glass and force it to display whatever you wanted to — something as crude as an upturned middle finger or perhaps as polite as a simple “Please don’t photography me. For the anti-Glass camp, this would have been a powerful tool against the always-watching philosophy embedded in the device.
Here’s a video from Lookout explaining the vulnerability.