Google Glass Hacked With QR Code Photobombs: Researchers at the security firm Lookout Mobile say they developed an attack last spring that could compromise Google’s device when the user merely took a photo that captured a malicious QR code, the square graphic labels often used to link smartphone users to websites and by Google Glass to set up the headset’s Wifi connections. Lookout’s researchers, who reported the bug to Google and have already helped the company issue a fix for the flaw, found that they could craft malformed QR codes that when photographed crashed Glass or connected the headset to a rogue Wifi hotspot capable of stripping away the encryption on the device’s communications or directing it to a malicious website designed to take full control of the device.
“Google has set up the device so that Glass scans every photo you take for something interesting,” says Lookout researcher Marc Rogers. “While that’s exciting, the fact that Glass can parse photographs opened up a vulnerability. By understanding and reverse engineering the QR codes, we were able to create malicious ones that would silently reconfigure the device.”