Hackers use QR codes to access Glass
Google’s ambitious augmented reality glasses have yet to be officially launched to the general public and they have already been hacked. Google’s Glass has managed to gain a great deal of support among tech-savvy consumers due to its innovative features and use of augmented reality. Glass allows people to literally see the world in a different way, utilizing cameras to capture visual information and augmented reality to enhance and change what users see. Despite the high-tech nature of Glass, it has been hacked by a relatively low-tech tool: QR codes.
Security firm shows that codes can exploit simple feature of Glass
Researchers from Lookout Mobile, a security firm, have developed an attack that leverages QR codes to hack Glass. Malicious QR codes have become relatively common in the marketing sector due to how easy they are to produce, with the codes themselves being essentially free. Researchers designed the attack to test the security capabilities of Glass, but found that the glasses feature a serious flaw that may have been overlooked by Google due to how simple it is. The flaw in question is related to the fact that Glass will process nearly anything that it is pointed at, effectively scanning QR codes automatically as soon as they come into view.
Malicious codes could crash Glass or link to rogue networks
Researchers found that they could use QR codes to connect Glass to a rogue WiFi network, thereby giving them access to the device’s various features and the information that it stores. The QR codes also showed themselves capable of crashing Glass entirely, forcing users to reboot their device before they could use it further. Notably, these QR codes can be placed on nearly any surface, with researchers suggesting that even t-shirts emblazoned with these codes could create a problematic issue for Glass users.
Researchers report findings to Google
Lookout Mobile immediately reported their findings to Google in order to help the company develop some security feature that could filter out malicious QR codes. Such features have become common in modern QR code scanning applications and generally work by accessing the content associated to the code in a limited fashion before allowing a mobile device to access this information entirely.