Forgot your password?
typodupeerror
Security Google

Google Fixes Glass Vulnerability To Malicious QR Codes 81

Posted by Unknown Lamer
from the look-over-here dept.
judgecorp writes "Google has fixed a vulnerability in its Glass device, which made it possible to fool the wearable gadget into joining malicious Wi-Fi networks, through the use of fake QR codes. Google fixed the flaw fast, following a tip-off from researchers — but there are two warnings to take from this. There are other weaknesses in Glass (such as the absence of a lockscreen), and this sort of weakness will increasingly hit as the Internet of Things takes hold and the number of communicating devices multiplies."
This discussion has been archived. No new comments can be posted.

Google Fixes Glass Vulnerability To Malicious QR Codes

Comments Filter:
  • by Anonymous Coward on Wednesday July 17, 2013 @09:30AM (#44307599)
    I said no good would come of this digital nonsense, we should forget it go back to analog.
    • For what it's worth, let's remember that digital has the word digit in it and analog has the word anal in it.

      • For what it's worth, let's remember that digital has the word digit in it and analog has the word anal in it.

        Sure, but if you put them together and you get the dreaded "Stinky Pinky"!

      • by bmk67 (971394)

        You've got digital in your analog.

        Somewhere in here there's a "Yo, dawg" meme.

        I got nothing.

    • by PPH (736903)
      Analog is just digital that can't make up its mind.
  • fake QR (Score:5, Informative)

    by Anonymous Coward on Wednesday July 17, 2013 @09:31AM (#44307617)

    They dont use fake QR but Real QR codes witch lead to a malicous network... fake qr codes Wont work...

  • by jayrtfm (148260) <jslash@sophont.cCOFFEEom minus caffeine> on Wednesday July 17, 2013 @09:32AM (#44307629) Homepage Journal

    Trolls walk past #GoogleGlass wearers, whisper Image Search Goatse into the glass's mike
      --- @mollycrabapple, after trying on google glass

  • Any one else ever feel tempted to print up a bunch of QR code patches to direct people to hello.jpg and then slap them all over the place? Especially over the QR code on advertising and the like?

  • QR sploits (Score:4, Funny)

    by Megane (129182) on Wednesday July 17, 2013 @09:43AM (#44307739) Homepage
    Automatic QR code scanning... bringing passive execution exploits to the world of paper and ink!
  • Real QR Codes (Score:5, Insightful)

    by Russ1642 (1087959) on Wednesday July 17, 2013 @09:48AM (#44307785)

    They weren't fake magical QR codes. To somehow blame a piece of paper or a billboard for your own terrible code is hilarious.

    • by gl4ss (559668)

      They weren't fake magical QR codes. To somehow blame a piece of paper or a billboard for your own terrible code is hilarious.

      yeah.. autorun on qrcodes is a terrible idea. just as terrible idea as auto-open urls.

      also.. uhh.. qrcodes to join networks? ok I can see how that can be useful, go to a bar and just scan the qrcode and you got the local wifi there.. but doing so without asking at all is fucking stupid

    • by Anonymous Coward

      Remember when we were all up in arms about Microsoft auto-rendering HTML embedded in e-mails with no cecking like 15 years back, and how it was a terrible idea?

      Google apparently doesn't.

      Seamless interaction with third parties vs. Safety from the malicious. Pick one.

  • by abies (607076)

    Reminds me of novel Aristoi [wikipedia.org] where all people were conditioned from childhood to respond in certain ways to complicated hand symbols - allowing ruling elite to paralyze them with hand gesture for example. Yes, having your computer glasses compromised because of looking at malicious picture is still far from having you brain 'hacked', but I hope we will get there soon ;) Next step could be quick-hacking Google Glass v3 (with bone-transmitted headphones and retinal projector) to perform flashbang kind of attac

    • by Anonymous Coward

      How about Snow Crash (just as soon as we integrate Google Glass to augment our sensory perception).

      • by b.emile (1222958)
        Came here for Snow Crash reference, am not leaving disappointed.
        • by eelinow (903408)

          I too came here looking for a Snow Crash reference. Glad to see I am not disappointed. As soon as I saw the headline it was the most immediate thought in my mind.

    • by Anonymous Coward

      As a professional political social engineer / marketer, I find it pleasing that you still think we're not hacking your brain. (What do you think is the point of communication then?)
      Please keep thinking that way. Oh, and ALL GLORY TO THE HYPNOTOAD!

  • What's special about Google Glass? What about Google Goggles, or indeed any of the various QR scanning apps available? Unless it has an "are you sure you want to visit this site" option (which understands URL shorteners), you're always going to be at risk. Glass owners are always going to be a tiny, tiny, tiny subset of the total number of Android users.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The difference is that with QR scanning apps: you get out your phone, load the app, line up the camera, follow the link, then vomit.
      With Google Glass: you accidentally turn your head toward a code while examining an attractive posterior, then vomit.

    • Architecturally, anything that scans QR codes(or accepts any other sort of input that isn't trivially human-verifiable beforehand, mag-stripes, NFC, 2d barcodes, whatever).

      In terms of UI/UX constraints, I assume that 'glass' is atypically vulnerable because it has severely limited space(in terms of both screen resolution and user input options) for showing the user the details of what, exactly, a given QR code is going to do and asking them whether they want to do it, which creates an incentive to just do i

  • Noise (Score:3, Interesting)

    by Anonymous Coward on Wednesday July 17, 2013 @09:49AM (#44307807)

    Going thru a mall will generate so much scanning noise that you won't be able to look thru the glasses. And it would be a pain to have to confirm everything "Do you want to scan this? Do you want to view that?"

    I have less and less reason to ever get Google Glasses. Sorry Google

  • The glasses do not fold, so they cannot just be put away in your pocket like sunglasses when you don't want to wear them. They come with a case that can keep them pretty safe, but the case won't fit in your pocket.

    Battery life is abysmal. On the neighborhood of about 2 hours of use. The very concept of "wearable computing" does sort of lend itself to the notion of devices that can remain turned on at all times, and Glass falls short of this ideal by such a large factor that it is laughable. The batt

    • You're forgetting the #1 problem. Everyone will hate the wearer, cover their faces, scream at them, and possibly attack the owner.
      • by mark-t (151149)

        If somebody wearing equipment that can record you is sufficient reason for you to attack them, then you have anger management issues, and need counselling. That's not a fault in the technology.

        As for the other responses, well, again that's not a flaw in the design of glass... that's a societal issue that arises because of false expectations that people have about privacy in public. If somebody can see you with their eyes in a public place, they are essentially recording you already in their brain, whi

        • Okay, I'll follow you around every second of every day while you're in public with a camera in your face and post it on youtube. Then we'll see if you develop and "anger problem" too.
    • Also, you look like a prick when wearing them.
      • by mark-t (151149)
        Care to elaborate as to why that's so? You may find, in fact, that such a problem does not lie with a person who wears them at all.
  • I am also looking for this Google Glass... How can get one easily ?
  • Goggle Glass must be the only thing that is actually using QR codes.

    Nothing to see here, please move along.

  • In places where they're just used a lot for a bit of text, like a URL, why don't we just agree on a specific shape into which we put plain text to be OCRed? The human can verify it's the information he wants and is expecting before scanning and following a link.

  • Good thing Glass isn't directly hooked into the brain yet... Is L. Bob Rife running Google now?

A committee is a group that keeps the minutes and loses hours. -- Milton Berle

Working...