by Anton Shilov
07/21/2013 | 01:56 PM
Google Glass is, without any doubts, one of the most expected gadgets on the planet. Unfortunately, even it has a number of disadvantages that can overshadow its pros. Question is, how many failures are needed to ruin a promising product? According to Symantec, there is one significant flaw that is present on Google Glass device.
Symantec, a leading provider of security tools, reports that last year it was found that a popular Android smartphone could be wiped by a malicious USSD code embedded within a QR code. QR codes have been in use for many years now, but when scanning them with a mobile phone the user can never tell where they will end up.
Wearable devices by their nature can open up new attack vectors because the user interacts with them differently. Lookout have stated when taking a photo of a QR code, it could cause Glass to silently connect to a potentially malicious WiFi access point. This gives the word photobombing a whole new meaning. Glass does not support all general QR codes, but does use them for reconfiguring the device's preferred WiFi access point.
Once the Google Glass device connects to the access point of an attacker, the attacker can sniff all the traffic or even redirect users of the device to a malicious website. Fortunately, Google is aware of this issue and have already fixed it—so you don’t have to keep looking away from QR codes while taking pictures.
So, while Glass’ ability to get QR photobombed was interesting, there are far easier ways to get a mobile device connected to a rogue WiFi access point. Many people have WiFi enabled all the time on their smartphones (or with Google Glass). This means the device constantly probes the surroundings to see if there is a known access point to connect to. Similar behavior is expected in new wearable devices to make it easier for them to connect to the Internet.
However, there is software available that will impersonate any network that a device searches for, and this software is quite easy to use. You can even buy a small device called WiFi Pineapple that will do all the work for you. For example, suppose your smartphone is configured to always connect to your home WiFi network with the SSID name “myPrivateWiFi”. Now, imagine you take this smartphone to your local coffee shop where an attacker has installed a malicious WiFi Pineapple. When your device searches for “myPrivateWiFi”, the attacker’s WiFi Pineapple will simply answer the probe request and pretend to be that specific network. From that point on classic man-in-the-middle (MITM) attacks, such as session hijacking or sniffing, can be performed. Such attacks can be executed without the device having to recognize any QR code. So even with Google's patch against QR photobombing, Glass remains vulnerable to WiFi hijacking.
Unfortunately the WiFi hijacking issue is not trivial to solve. Users want a smooth experience that works seamlessly, without the hassle of pairing the devices each time they use a WiFi hotspot. Remembering the MAC addresses of the regularly-used access points together with the SSID could help in some instances, but it reduces the seamless experience users desire when roaming. In addition, MAC addresses can be easily spoofed by the WiFi Pineapple.
The more practicable solution to WiFi hijacking is to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN. That way you don’t have to worry about where you are or what you are looking at, but instead can relax and enjoy the sunshine.