Google Glass may not have been officially released to the public yet (it is currently only available to testers dubbed "Glass Explorers" by Google), but mobile security juggernaut Lookout has already found a security vulnerability that makes it possible to hack the wearable computer for potentially dangerous and malicious purposes. The vulnerability impacting Google Glass is initiated through QR codes -- basically advanced barcodes. By design, a Glass user can scan these barcodes with the device's camera to do things such as perform an action or change a setting. While this provides beneficial functionality to the user, it also offers a new gateway for malicious hackers.
According to Lookout:
This is where we identified a significant security problem. While it’s useful to configure your Glass QR code and easily connect to wireless networks, it’s not so great when other people can use those same QR codes to tell your Glass to connect to their WiFi Networks or their Bluetooth devices. Unfortunately, this is exactly what we found. We analyzed how to make QR codes based on configuration instructions and produced our own "malicious" QR codes. When photographed by an unsuspecting Glass user, the code forced Glass to connect silently to a "hostile" WiFi access point that we controlled. That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud. Finally, it also allowed us to divert Glass to a page on the access point containing a known Android 4.0.4 web vulnerability that hacked Glass as it browsed the page.
While it isn't fair to criticize a product that isn't even officially released, the simplicity of the vulnerability is rather surprising. Google is a billion-dollar company with a slew of developers so it is shocking that no one there foresaw this.
Lookout reported the vulnerability on May 16 and it was already fixed by June 4, so users are safe -- for now. However, there must be a constant fear that a new vulnerability will be discovered and exploited. While this is true of all computers, most computers are not strapped to your head and seeing everything you see.
Recently, my colleague Wayne Williams asked the question, "Will Google Glass turn us all into government spies?" However, if the product is so easily hacked, it's not just the government to worry about -- it is everyone.