CC image courtesy of Miguel Ángel Uriondo, on Flickr.
Researchers at Lookout have blogged about their findings, which allowed them to capture data being sent from the device to the web without the wearer’s knowledge.
Marc Rogers, principal security analyst at Lookout, said by creating a QR code which was then focused on by the device they were able to tell Glass to connect to a Wi-Fi network set up by them and receive data from the device.
Rogers wrote on the blog: “When photographed by an unsuspecting Glass user, the code forced Glass to connect silently to a “hostile” WiFi access point that we controlled.
“That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud.
“Finally, it also allowed us to divert Glass to a page on the access point containing a known Android 4.0.4 web vulnerability that hacked Glass as it browsed the page.”
Having discovered the flaw in May, Rogers set about informing Google who have since fixed it.
HumanIPO reported in May developer Jay Freeman had found another flaw which took advantage of Glass’s root capability to attach it to a desktop and run commands.