A Google Glass feature that gives the device the ability to automatically read text also leaves it vulnerable to malicious wireless networks.
The feature is made possible by a technology called optical character recognition. It’s this feature that reportedly allows Google Glass to understand written and printed text. The feature also caused – before the search giant put stops to it with a patch – Google Glass to automatically read and react to QR Codes present in photographs taken with the device, according to Lookout mobile security research.
Researchers at the mobile-security-focused firm determined that they could craft malicious QR codes and compel Google Glass devices to connect to what they describe as a “hostile” WiFi access point after knowingly or unknowingly taking a picture with a the QR code in it.
“That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud,” wrote Lookout’s principle security researcher Marc Rogers. “Finally, it also allowed us to divert Glass to a page on the access point containing a known Android 4.0.4 web vulnerability that hacked Glass as it browsed the page.”
Of course, Google Glass is only available to developers at the moment, so the bug’s severity was fairly low to begin with. Despite this, Google supplied a fix for the vulnerability pretty quickly. Lookout reported the bug to Google and Google acknowledged it on May 16. They shipped a fix for the flaw in version XE6 released on June 4.