How about people that are already wearing glasses??
Security Vulnerabilities Harm Google Glass[07/21/2013 01:56 PM]
Google Glass is, without any doubts, one of the most expected gadgets on the planet. Unfortunately, even it has a number of disadvantages that can overshadow its pros. Question is, how many failures are needed to ruin a promising product? According to Symantec, there is one significant flaw that is present on Google Glass device.
Symantec, a leading provider of security tools, reports that last year it was found that a popular Android smartphone could be wiped by a malicious USSD code embedded within a QR code. QR codes have been in use for many years now, but when scanning them with a mobile phone the user can never tell where they will end up.
Wearable devices by their nature can open up new attack vectors because the user interacts with them differently. Lookout have stated when taking a photo of a QR code, it could cause Glass to silently connect to a potentially malicious WiFi access point. This gives the word photobombing a whole new meaning. Glass does not support all general QR codes, but does use them for reconfiguring the device's preferred WiFi access point.
Once the Google Glass device connects to the access point of an attacker, the attacker can sniff all the traffic or even redirect users of the device to a malicious website. Fortunately, Google is aware of this issue and have already fixed it—so you don’t have to keep looking away from QR codes while taking pictures.
So, while Glass’ ability to get QR photobombed was interesting, there are far easier ways to get a mobile device connected to a rogue WiFi access point. Many people have WiFi enabled all the time on their smartphones (or with Google Glass). This means the device constantly probes the surroundings to see if there is a known access point to connect to. Similar behavior is expected in new wearable devices to make it easier for them to connect to the Internet.
However, there is software available that will impersonate any network that a device searches for, and this software is quite easy to use. You can even buy a small device called WiFi Pineapple that will do all the work for you. For example, suppose your smartphone is configured to always connect to your home WiFi network with the SSID name “myPrivateWiFi”. Now, imagine you take this smartphone to your local coffee shop where an attacker has installed a malicious WiFi Pineapple. When your device searches for “myPrivateWiFi”, the attacker’s WiFi Pineapple will simply answer the probe request and pretend to be that specific network. From that point on classic man-in-the-middle (MITM) attacks, such as session hijacking or sniffing, can be performed. Such attacks can be executed without the device having to recognize any QR code. So even with Google's patch against QR photobombing, Glass remains vulnerable to WiFi hijacking.
Unfortunately the WiFi hijacking issue is not trivial to solve. Users want a smooth experience that works seamlessly, without the hassle of pairing the devices each time they use a WiFi hotspot. Remembering the MAC addresses of the regularly-used access points together with the SSID could help in some instances, but it reduces the seamless experience users desire when roaming. In addition, MAC addresses can be easily spoofed by the WiFi Pineapple.
The more practicable solution to WiFi hijacking is to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN. That way you don’t have to worry about where you are or what you are looking at, but instead can relax and enjoy the sunshine.
Enter your username and e-mail address. Password will be sent to you.
8:23 am | Microsoft Vows to Release Xbox 360 Emulator for Xbox One. Microsoft Xbox One May Gain Compatibility with Xbox 360 Games
10:39 am | Microsoft Reveals Kinect for Windows v2 Hardware. Launch of New Kinect for Windows Approaches
1:57 pm | Facebook to Acquire Virtual Reality Pioneer, Oculus VR. Facebook Considers Virtual Reality as Next-Gen Social Platform
1:35 pm | Intel Acquires Maker of Wearable Computing Devices. Basis Science Becomes Fully-Owned Subsidiary of Intel
10:53 pm | Global UHD TV Shipments Total 1.6 Million Units in 2013 – Analysts. China Ahead of the Whole World with 4K TV Adoption
10:40 pm | Crytek to Adopt AMD Mantle Mantle API for CryEngine. Leading Game Developer Adopts AMD Mantle
9:08 pm | Microsoft Unleashes DirectX 12: One API for PCs, Mobile Gadgets and Xbox One. Microsoft Promises Increased Performance, New Features with DirectX 12
3:33 pm | PowerVR Wizard: Imagination Reveals World’s First Ray-Tracing GPU IP for Mobile Devices. Imagination Technologies Brings Ray-Tracing, Hybrid Rendering Modes to Smartphones and Tablets
2:00 pm | Nokia Now Expects to Close Deal with Microsoft in Q2. Sale of Nokia’s Division to Close Next Month