Google Has Fixed Glass Remote Access Exploit With Malicious QR Codes
We answer lots of questions from our readers at our wiki QA service every day, and some of those questions are so deep or important that we have to write a whole blog post to answer them clearly and in full. The question about the recently discovered Google Glass vulnerability is one of them. Lookout has discovered an exploit in the Google Glass configuration process that enables hackers to seize direct control over the device.
As you probably know, Google Glass lacks direct input methods, and the only way to configure the device is to take a picture of a special QR code. Simple QR codes can direct Glass and smartphones to web pages and transfer simple commands; to keep it simple, we may say that a QR code is a way to encode some information or a code.
But what happens if the code is malicious? Researchers from Lookout discovered that Google Glass scans and executes QR codes without notifying the user, and they used this to make it connect to their Wi-Fi hotspot. Then, using well-known Wi-Fi protocol exploits and weak spots, they were able to log all the traffic between the Glass and the outside world.
Then they used an Android 4.0.4 network security gap and were able to gain direct control over the device. They were able not only to log and monitor traffic, but also to access the data stored on the synchronized smartphone, SMS, emails and even video hangouts.
As we've already said, the exploit relies on the fact that configuring your Glass requires scanning a special QR code that changes system parameters. But QR codes are everywhere nowadays, and you may see them at every cafe or shop. Most of them are safe, but it would be really easy to spread malicious ones.
Google Inc. has already published a fix for that problem that makes Glass notify the user about the QR code; if you want to scan it, you have to approve that manually. Still, the vulnerability exists. Somebody may replace a “valid” code with a malicious QR on a cafe's advertisement or something like that, and people will think that it is valid and approve its execution.
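The approval step described above, sketched as an added example that is not Google's or Lookout's code. It assumes the widely used `WIFI:` QR payload convention as a stand-in, since this post does not give Glass's own setup-code format, and `approve` and `apply_wifi` are hypothetical callbacks.

```python
def parse_wifi_payload(text):
    """Return the fields of a 'WIFI:T:..;S:..;P:..;;' payload, or None."""
    if not text.startswith("WIFI:"):
        return None
    parts, cur, escaped = [], [], False
    for ch in text[5:]:
        if escaped:            # backslash-escaped character: keep literally
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ";":        # unescaped ';' ends a field
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields = dict(p.split(":", 1) for p in parts if ":" in p)
    return fields if fields.get("S") else None


def handle_scanned_qr(text, approve, apply_wifi):
    """Gate any configuration change behind an explicit user decision."""
    cfg = parse_wifi_payload(text)
    if cfg is None:
        return "ignored"       # not a network-configuration code
    security = cfg.get("T") or "nopass"
    warnings = []
    if security == "nopass":
        warnings.append("open network: traffic is not encrypted over the air")
    if cfg.get("H", "").lower() == "true":
        warnings.append("hidden SSID")
    # Show what the code will do, never just "QR code detected".
    summary = {"ssid": cfg["S"], "security": security, "warnings": warnings}
    if not approve(summary):
        return "rejected"
    apply_wifi(cfg)            # only reached after approval
    return "applied"


if __name__ == "__main__":
    # Constructed sample payload, not taken from any real setup code.
    sample = r"WIFI:T:nopass;S:Cafe\;Guest;;"
    print(handle_scanned_qr(sample, lambda s: print(s) or False, print))
```

Showing the network name and security type in the prompt addresses the swapped-code case: the user approves a specific change, not an opaque scan.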
Researchers from Lookout were also able to gather all the network traffic of the Glass user by using the SSLstrip traffic analyzer. There is also a possibility of using another Android vulnerability to gain full control over the device. It is possible to intercept the picture from the camera and actually see what the owner sees.
Lookout researchers notified Google about the exploit on the 16th of May, and on the 4th of July Google published the new XE6 firmware, so the Glass camera scans QR codes only when the user approves that. Lookout staff also mentioned that it is probably not the last bug to be found in Glass, but they hope that Google will be able to fix most of them before the gadget hits the market. Meanwhile, we recommend using a Bluetooth signal blocker so that you have a chance to block the connection between your smartphone and Google Glass, just in case something goes wrong.