On Thursday this week, Google patched a QR code security flaw in Google Glass that would have allowed hackers to take control of the device. In that scenario, Google Glass would have to scan a malicious QR code, which would force the device to connect to a rogue Wi-Fi network controlled by the hacker.
This time around, according to Candid Wuest, threat researcher for Symantec, a vulnerability in Google Glass’s Wi-Fi feature could enable a hacker to launch a man-in-the-middle (MTM) attack and hijack control of the device.
Many Wi-Fi-enabled devices like Google Glass are constantly scanning for Wi-Fi signals in case they need to connect to the Internet, said Wuest. This behaviour can easily be exploited by hackers using readily available software that “impersonates” the network that a user is looking for.
“You can even buy a small device called the Wi-Fi Pineapple that will do all the work for you,” he said in his blog.
The Wi-Fi Pineapple answers the query of a Wi-Fi-enabled device searching for a network by impersonating the network the device is looking for. Once the device has connected, the Pineapple can hijack it or sniff for data.
“Unfortunately the Wi-Fi hijacking issue is not trivial to solve,” said Wuest. “Users want a smooth experience that works seamlessly, without the hassle of pairing the device each time they use a Wi-Fi hotspot.”
Wuest said the best way to limit risk is to “treat every network as a hostile” and make sure that all applications use encrypted communications like SSL (Secure Sockets Layer) or tunnel through a virtual private network.
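On the detection side, the impersonation behaviour described above leaves a recognisable trace: one access point answering probes for many unrelated network names. The following is an added example, not code from the article or from Symantec, that flags such responders in a list of observed probe responses. The sample records, the canary SSID (a random name the monitor probes for and that no real network uses) and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (bssid, ssid) pairs from probe responses seen by a
# passive monitor. Not captured from any real network.
PROBE_RESPONSES = [
    ("aa:bb:cc:00:00:01", "CorpWiFi"),
    ("aa:bb:cc:00:00:01", "CorpWiFi"),
    ("aa:bb:cc:00:00:02", "CorpGuest"),
    ("de:ad:be:ef:00:10", "HomeNet-5G"),
    ("de:ad:be:ef:00:10", "Airport_Free"),
    ("de:ad:be:ef:00:10", "CoffeeShop"),
    ("de:ad:be:ef:00:10", "canary-7f3a9c"),
    ("12:34:56:78:9a:bc", "canary-7f3a9c"),
]

# Assumption: the monitor itself probes for these made-up names. Nothing
# legitimate should ever answer for them.
CANARY_SSIDS = {"canary-7f3a9c"}

# Assumption: a legitimate access point radio advertises at most this many
# network names from a single BSSID. Tune for the local environment.
MAX_SSIDS_PER_BSSID = 2


def find_impersonators(responses, canaries=CANARY_SSIDS,
                       max_ssids=MAX_SSIDS_PER_BSSID):
    """Return {bssid: [reasons]} for responders that look like impersonators."""
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in responses:
        ssids_by_bssid[bssid.lower()].add(ssid)

    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        hit = ssids & set(canaries)
        if hit:
            # Answering for a name that does not exist is the strongest signal.
            reasons.append("answered canary SSID " + ", ".join(sorted(hit)))
        if len(ssids) > max_ssids:
            # One radio claiming many unrelated networks is the weaker signal.
            reasons.append(f"claimed {len(ssids)} distinct SSIDs")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in sorted(find_impersonators(PROBE_RESPONSES).items()):
        print(bssid, "->", "; ".join(reasons))
```
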