News
 

Bookmark and Share

(3) 

Google Glass is, without any doubts, one of the most expected gadgets on the planet. Unfortunately, even it has a number of disadvantages that can overshadow its pros. Question is, how many failures are needed to ruin a promising product? According to Symantec, there is one significant flaw that is present on Google Glass device.

Symantec, a leading provider of security tools, reports that last year it was found that a popular Android smartphone could be wiped by a malicious USSD code embedded within a QR code. QR codes have been in use for many years now, but when scanning them with a mobile phone the user can never tell where they will end up.

Wearable devices by their nature can open up new attack vectors because the user interacts with them differently. Lookout have stated when taking a photo of a QR code, it could cause Glass to silently connect to a potentially malicious WiFi access point. This gives the word photobombing a whole new meaning. Glass does not support all general QR codes, but does use them for reconfiguring the device's preferred WiFi access point.

Once the Google Glass device connects to the access point of an attacker, the attacker can sniff all the traffic or even redirect users of the device to a malicious website. Fortunately, Google is aware of this issue and have already fixed it—so you don’t have to keep looking away from QR codes while taking pictures.

So, while Glass’ ability to get QR photobombed was interesting, there are far easier ways to get a mobile device connected to a rogue WiFi access point. Many people have WiFi enabled all the time on their smartphones (or with Google Glass). This means the device constantly probes the surroundings to see if there is a known access point to connect to. Similar behavior is expected in new wearable devices to make it easier for them to connect to the Internet.

However, there is software available that will impersonate any network that a device searches for, and this software is quite easy to use. You can even buy a small device called WiFi Pineapple that will do all the work for you. For example, suppose your smartphone is configured to always connect to your home WiFi network with the SSID name “myPrivateWiFi”. Now, imagine you take this smartphone to your local coffee shop where an attacker has installed a malicious WiFi Pineapple. When your device searches for “myPrivateWiFi”, the attacker’s WiFi Pineapple will simply answer the probe request and pretend to be that specific network. From that point on classic man-in-the-middle (MITM) attacks, such as session hijacking or sniffing, can be performed. Such attacks can be executed without the device having to recognize any QR code. So even with Google's patch against QR photobombing, Glass remains vulnerable to WiFi hijacking.

Unfortunately the WiFi hijacking issue is not trivial to solve. Users want a smooth experience that works seamlessly, without the hassle of pairing the devices each time they use a WiFi hotspot. Remembering the MAC addresses of the regularly-used access points together with the SSID could help in some instances, but it reduces the seamless experience users desire when roaming. In addition, MAC addresses can be easily spoofed by the WiFi Pineapple.

The more practicable solution to WiFi hijacking is to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN. That way you don’t have to worry about where you are or what you are looking at, but instead can relax and enjoy the sunshine.

Tags: Google, Glass, Android

Discussion

Comments currently: 3
Discussion started: 07/22/13 07:10:51 AM
Latest comment: 07/22/13 08:52:04 PM

[1-3]

1. 
I think those glasses will be the first major fiasco in company's history.

P.S.
How about people that are already wearing glasses??
1 0 [Posted by: TAViX  | Date: 07/22/13 07:10:51 AM]
Reply

2. 
Just stick to augmented reality through beer goggles.
1 1 [Posted by: linuxlowdown  | Date: 07/22/13 08:49:02 AM]
Reply

3. 
This from a Co. which does not have any Android/Linux products and is alined to the x86 chip maker and O/S suppliers. Is it any wonder that they are bagging their competition in the O/S and Chip market. They must be suffering badly from the fall in sales of the x86 range of PC's.
0 0 [Posted by: tedstoy  | Date: 07/22/13 08:52:04 PM]
Reply

[1-3]

Add your Comment




Related news

Latest News

Tuesday, July 22, 2014

10:40 pm | ARM Preps Second-Generation “Artemis” and “Maya” 64-Bit ARMv8-A Offerings. ARM Readies 64-Bit Cores for Non-Traditional Applications

7:38 pm | AMD Vows to Introduce 20nm Products Next Year. AMD’s 20nm APUs, GPUs and Embedded Chips to Arrive in 2015

4:08 am | Microsoft to Unify All Windows Operating Systems for Client PCs. One Windows OS will Power PCs, Tablets and Smartphones

Monday, July 21, 2014

10:32 pm | PQI Debuts Flash Drive with Lightning and USB Connectors. PQI Offers Easy Way to Boost iPhone or iPad Storage

10:08 pm | Japan Display Begins to Mass Produce IPS-NEO Displays. JDI Begins to Mass Produce Rival for AMOLED Panels

12:56 pm | Microsoft to Fire 18,000 Employees to Boost Efficiency. Microsoft to Perform Massive Job Cut Ever Following Acquisition of Nokia