Google Glass has been one of the most closely watched technologies to debut this year, with many eager to see the robust augmented reality tool reach consumers and others expressing concerns about privacy. The wearable headsets have now faced their first software security challenge, according to mobile security company Lookout Mobile, which recently posted a video detailing a vulnerability that would enable a remote takeover. The flaw was privately disclosed to Google in May and patched in June for the approximately 10,000 users in the “Explorer” program, AllThingsD reported.
The vulnerability related to the way that Google Glass treated QR codes, according to Lookout Mobile’s explanatory animation, which noted that “new things can be hacked in new ways.” The firm found that if Glass took a picture of a malicious QR code, that code could force Glass to connect to a Wi-Fi access point controlled by an attacker. Consequently, the attacker could send a vulnerability to the device allowing remote web control.
The vulnerability is the first major security flaw to have been discovered in Google Glass, according to ZDNet. In a statement to AllThingsD, Google noted that the device is still in limited testing, and this period is designed to root out concerns and catch vulnerabilities such as this one. The flaw has been patched, and Lookout applauded Google’s quick response. The mobile security company added that it was publicizing the flaw to highlight the fact that such vulnerabilities will be of increasing concern as the “Internet of Things” brings more devices online.
“This responsive turnaround indicates the depth of Google’s commitment to privacy and security for this device and set a benchmark for how connected things should be secured going forward,” the company wrote.
As such concerns about the Internet of Things mount, organizations will want to use all the tools at their disposal to ensure connected devices are not opening new attack vectors for hackers. Using approaches such as code review and static analysis testing, organizations can catch errors before their products are released, thereby mitigating potential threats.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.