Google Has Fixed Glass Remote Access Exploit With Malicious QR Codes
We answer many questions from our readers at our wiki QA service every day, and some of them are deep or important enough that we have to write a whole blog post to answer them clearly and in full. The question about the recently uncovered Google Glass vulnerability is exactly that kind. The company Lookout has discovered an exploit in the Google Glass configuration process that lets hackers take direct control of the device.
The point of the issue
As you probably know, Google Glass lacks direct input methods, and the only way to configure the device is to take a picture of a unique QR code. QR codes can direct Glass and smartphones to web pages and carry simple commands; put simply, a QR code is a way to encode some information or code.
But what happens if the code is malicious? Researchers from Lookout discovered that Google Glass scans and executes QR codes without notifying the user, and they used this to make it connect to their Wi-Fi hotspot. Then they could log all the traffic between the Glass and the outside world using well-known Wi-Fi protocol exploits and weak spots.
Then they used an Android 4.0.4 network security vulnerability and were able to gain direct control over the device. They were able to log and monitor traffic and access the data stored on the synchronized smartphone: SMS, emails, and even video hangouts.
As we've already said, the exploit relies on the fact that to configure your Glass you have to use a unique QR code, which changes system parameters. But QR codes are everywhere nowadays, and you may see them at every cafe or shop. Most of them are safe, but it is straightforward to spread malicious QR codes.
Google fixed the problem
Google Inc. has already published a fix for the problem: Glass now notifies users about a QR code, and if you want to scan it, you have to approve that manually. But still, the vulnerability exists. Somebody may try to replace a “valid” code with a malicious QR code on a cafe's promotion or something like that, and people will think that it is valid and will approve its execution.
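The approve-before-acting behaviour described above can be sketched as follows. This is an added example, not Google's or Lookout's code; it assumes the common `WIFI:` QR text format rather than Glass's own setup-code format (which the page does not describe), and the function names and sample payloads are constructed for illustration.

```python
# Added example: consent gate for scanned QR payloads (not Google's code).
# Assumption: payloads use the common "WIFI:T:<auth>;S:<ssid>;P:<pass>;;" text
# format; the page does not describe Glass's own setup-code format.

# Constructed sample payloads.
SAMPLE_URL = "https://example.com/menu"
SAMPLE_WIFI_OPEN = "WIFI:T:nopass;S:Free Cafe WiFi;;"
SAMPLE_WIFI_WPA = r"WIFI:T:WPA;S:Home\;Net;P:correct horse;;"


def split_fields(body):
    """Split on ';' while honouring backslash-escaped characters."""
    fields, cur, escaped = [], "", False
    for ch in body:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ";":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields


def parse_wifi(payload):
    """Return ssid/auth/password for a WIFI: payload, or None if it is not one."""
    if not payload.startswith("WIFI:"):
        return None
    pairs = dict(f.split(":", 1) for f in split_fields(payload[5:]) if ":" in f)
    if not pairs.get("S"):
        return None
    return {"ssid": pairs["S"], "auth": pairs.get("T", "nopass"),
            "password": pairs.get("P", "")}


def handle_scan(payload, confirm):
    """Return (action, detail); settings change only if confirm(prompt) is True."""
    wifi = parse_wifi(payload)
    if wifi is None:
        return ("ignored", payload)  # not a configuration code: change nothing
    note = " - OPEN, unencrypted" if wifi["auth"].lower() in ("", "nopass") else ""
    # Show what will change so approval is not a blind "OK".
    if not confirm(f"Join Wi-Fi '{wifi['ssid']}' [{wifi['auth']}{note}]?"):
        return ("rejected", wifi["ssid"])
    return ("join", wifi["ssid"])
```

The prompt names the network and its security type, which gives the user something concrete to check against the promotion they thought they were scanning.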
Researchers from Lookout were also able to gather all the web traffic of the Glass user by using an SSLstrip traffic analyzer. Also, there is a possibility to use another Android vulnerability and gain complete control over the device. It is possible to block the picture from the camera and see what the owner sees.
Lookout researchers notified Google about the exploit on the 16th of May. On the 4th of July, Google published a new XE6 firmware, so the Glass camera scans QR codes only when the user approves it. Lookout staff also mentioned that this is likely not the last bug found in Glass, but they hope that Google will be able to fix most of them before the gadget hits the market. Meanwhile, we recommend you use a Bluetooth signal blocker to have a chance to block the connection between your smartphone and Google Glass, just in case something goes wrong.