Wi-Fi vulnerability in Google Glass found

Google Inc. (NASDAQ: GOOG) may have patched the QR-code vulnerability found on its Google Glass recently, but security software company Symantec Corp., yesterday reported that the wearable computing gadget still has some problems.

On Thursday this week, Google just patched QR code security flaw in Google Glass which would have allowed hackers to grab control of the device. In that scenario, Google Glass would have to scan the malicious QR code which would force the device to connect to a rogue Wi-Fi network controlled by the hacker.

 
 

RELATED CONTENT

Stoddart raises privacy concerns over Google Glass
Vancouver firm has answer to Google Glass

This time around to according to Candid Wuest, threat researcher for Symantec, a vulnerability in Google Glass’s Wi-Fi feature that could enable a hacker to launch man-in-the-middle (MTM) type of attack and hijack control of the device.

Many Wi-Fi-enabled devices like Google Glass are constantly scanning for Wi-Fi signals in case they need to connect to the Internet, said Wuest. This behaviour can easily be exploited by hackers who using a readily available software which “impersonates” the network that a user is looking for.

“You can even buy a small device called the Wi-Fi Pineapple that will do all the work for you,” he said in his blog.

The Wi-Fi Pineapple answers the query of a Wi-Fi- enabled device searching for a network. The Wi-Fi Pineapple impersonates the network the device is looking for once connected to the device can hijack it or sniff for data.

“Unfortunately the Wi-Fi hijacking issue is not trivial to solve,” said Wuest. “Users want a smooth experience that works seamlessly, without the hassle of pairing the device each time they use a Wi-Fi hotspot.”

Wuest said the best way to limit risk is to “treat every network as a hostile” and make sure that all applications use encrypted communications like SSL (secure socket layer) or tunnel through a virtual private network.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now