Google Patches Major Glass QR Code-Triggered Exploit

Google has quietly patched a Glass security exploit that could have allowed hackers to take control of the wearable by showing it a QR code, the researcher who identified the flaw tells SlashGear. The exploit, discovered by Marc Rogers, Principal Security Researcher at Lookout Mobile Security, took advantage of Glass’ streamlined setup process that saw the camera automatically – and transparently to the wearer – spot QR codes in images and use them to trigger WiFi connections and other configurations. By creating malicious codes, and hiding them in images, Rogers was able to get Glass to connect to a compromised network, show details of all network traffic from the wearable, and even take full remote control. The exploit – which we referred to in our June interview with Rogers, though without specific details as Google and Lookout were still addressing the fix at the time – has been fixed as of Glass firmware XE6, released on June 4.

Read the full story at Slashgear.