When Google began inviting I/O attendees to try out Google Glass (for a very expensive entry fee), it’s safe to say everyone who dived in knew what they were getting themselves into. Essentially beta testing the hardware, Google didn’t bother beating around the bush calling these first run early adopters their Google Glass “Explorers.” Before a consumer release can ever hope to take place, the hardware will need to mature and with that comes the growing pains.
Lookout has made a name for themselves for discovering new security exploits, using them not only alert system admins and users, but tout their own security software in the process. Recently their team of hacky do-gooders had little trouble taking advantage of a security exploit in Glass that, worse case scenario, could allow for someone to intercept data and take full control over the device using a known Android 4.0.4 security hole.
For those unaware, every time you take a picture with Glass, the headset scans said image for a QR code. This is actually used during the setup process to configure the headset to access a WiFi network (given there is no input method on Glass). Assuming a Glass user were to scan a “malicious” QR code, Glass could then be told to access a hostile WiFi access point, and even connect to a web page where a hacker could take control of Glass using that Ice Cream Sandwich exploit we’ve heard so much about (Glass’ current Android firmware).
Sure, that doesn’t sound like a big security hole and you’d have to jump through a lot of hoops to make something like that happen, but it’s one Google took seriously and per Lookout’s suggestion, patched up quickly about 2 software updates ago (XE6). Easy peasy. Lookout even made a nifty video talking about this and uploaded to YouTube. Take a look.