Google patches Glass hijack vulnerability

Summary:Google Glass faced its first security vulnerability in the form of a QR code that allowed a hacker to take over the wearable computer.

Screen Shot 2013-07-17 at 08.37.30
Google Glass vulnerability in action (Screenshot: YouTube)

Google Glass suffered its first major security vulnerability that would have allowed an attacker to take control of the wearable headset by exploiting a flaw in how it connects to Wi-Fi networks.

Don't worry, you one-in-a-million user. Glass won't melt, or take over your brain. It's also been fixed. 

Glass allows users to take pictures of QR codes. Should a user view a rogue code, that could dupe a device to connect to a rogue wireless network. From there, a hacker on that network can remotely control the device and view what is being displayed to the Glass user.

Lookout Mobile, which discovered the flaw and uploaded an explanatory video to YouTube on Wednesday explaining the bug, said Google "clearly worked quickly" to fix the flaw. 

The security firm privately disclosed the vulnerability on May 16, and was fixed in Google Glass version XE6 on June 4. This update went out to about 10,000 users in the "Explorer" program.

According to a Google statement given to AllThingsD, one of the many points of dishing out Glass to all sorts of people is to help "discover vulnerabilities that we can research and work to address before we launch Glass more broadly."

Topics: Google

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.