Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Fixes Glass Vulnerability To Malicious QR Codes

Posted by Unknown on from the look-over-here dept.

judgecorp writes "Google has fixed a vulnerability in its Glass device, which made it possible to fool the wearable gadget into joining malicious Wi-Fi networks, through the use of fake QR codes. Google fixed the flaw fast, following a tip-off from researchers — but there are two warnings to take from this. There are other weaknesses in Glass (such as the absence of a lockscreen), and this sort of weakness will increasingly hit as the Internet of Things takes hold and the number of communicating devices multiplies."

19 of 81 comments (clear)

  1. Only to be expected by Anonymous Coward · · Score: 5, Funny

    I said no good would come of this digital nonsense, we should forget it go back to analog.

    1. Re:Only to be expected by ArcadeMan · · Score: 2

      For what it's worth, let's remember that digital has the word digit in it and analog has the word anal in it.

      --
      Get free satoshi (Bitcoin) and Dogecoins
    2. Re:Only to be expected by FatdogHaiku · · Score: 2

      For what it's worth, let's remember that digital has the word digit in it and analog has the word anal in it.

      Sure, but if you put them together and you get the dreaded "Stinky Pinky"!

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  2. fake QR by Anonymous Coward · · Score: 5, Informative

    They dont use fake QR but Real QR codes witch lead to a malicous network... fake qr codes Wont work...

    1. Re:fake QR by Lunix+Nutcase · · Score: 2

      But it's still a real QR code. It is malicious but it isn't fake.

  3. @mollycrabapple by jayrtfm · · Score: 5, Funny

    Trolls walk past #GoogleGlass wearers, whisper Image Search Goatse into the glass's mike
      --- @mollycrabapple, after trying on google glass

    1. Re:@mollycrabapple by niftydude · · Score: 4, Funny

      Safesearch on! Safesearch on!

      --
      You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
  4. QR code, introducing a new generation to hello.jpg by VVelox · · Score: 2

    Any one else ever feel tempted to print up a bunch of QR code patches to direct people to hello.jpg and then slap them all over the place? Especially over the QR code on advertising and the like?

  5. QR sploits by Megane · · Score: 4, Funny

    Automatic QR code scanning... bringing passive execution exploits to the world of paper and ink!

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    1. Re:QR sploits by 93+Escort+Wagon · · Score: 4, Insightful

      Google has brought Autorun vulns to the mobile world! Innovative!

      That is one of the big issues with devices that, by design, freely offer up information to you rather than wait for you to retrieve it.

      --
      #DeleteChrome
  6. Real QR Codes by Russ1642 · · Score: 5, Insightful

    They weren't fake magical QR codes. To somehow blame a piece of paper or a billboard for your own terrible code is hilarious.

    1. Re:Real QR Codes by gl4ss · · Score: 2

      They weren't fake magical QR codes. To somehow blame a piece of paper or a billboard for your own terrible code is hilarious.

      yeah.. autorun on qrcodes is a terrible idea. just as terrible idea as auto-open urls.

      also.. uhh.. qrcodes to join networks? ok I can see how that can be useful, go to a bar and just scan the qrcode and you got the local wifi there.. but doing so without asking at all is fucking stupid

      --
      world was created 5 seconds before this post as it is.
  7. Just Glass has this problem? by Threni · · Score: 2

    What's special about Google Glass? What about Google Goggles, or indeed any of the various QR scanning apps available? Unless it has an "are you sure you want to visit this site" option (which understands URL shorteners), you're always going to be at risk. Glass owners are always going to be a tiny, tiny, tiny subset of the total number of Android users.

    1. Re:Just Glass has this problem? by Anonymous Coward · · Score: 2, Insightful

      The difference is that with QR scanning apps: you get out your phone, load the app, line up the camera, follow the link, then vomit.
      With Google Glass: you accidentally turn your head toward a code while examining an attractive posterior, then vomit.

    2. Re:Just Glass has this problem? by fuzzyfuzzyfungus · · Score: 2

      Architecturally, anything that scans QR codes(or accepts any other sort of input that isn't trivially human-verifiable beforehand, mag-stripes, NFC, 2d barcodes, whatever).

      In terms of UI/UX constraints, I assume that 'glass' is atypically vulnerable because it has severely limited space(in terms of both screen resolution and user input options) for showing the user the details of what, exactly, a given QR code is going to do and asking them whether they want to do it, which creates an incentive to just do it automatically.

      Any computer can be made to do dumb things based on valid-but-malicious input automatically; but some computers are more equal than others when it comes to being able to inform the user(though user density creates a fundamental upper limit here).

  8. Noise by Anonymous Coward · · Score: 3, Interesting

    Going thru a mall will generate so much scanning noise that you won't be able to look thru the glasses. And it would be a pain to have to confirm everything "Do you want to scan this? Do you want to view that?"

    I have less and less reason to ever get Google Glasses. Sorry Google

  9. Re:QR code, introducing a new generation to hello. by Inda · · Score: 4, Funny

    I think a QR code that directs people to qr.png, which just shows another QR code, would be hilarious.

    Reciprocal QR trolling.

    --
    This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
  10. XKCD to the rescue... by Anonymous Coward · · Score: 3, Funny

    ...there really seems to be an XKCD for everything:
    http://www.xkcd.com/1237/

  11. Re:QR code, introducing a new generation to hello. by sjames · · Score: 2

    I think Commander Data once suggested doing that to the Borg.