Photobombs made from the black and white square barcodes could cause problems for device wearers.
Google Glass owners may want to be careful where they aim their new headsets, as researchers have now discovered that scanning the wrong QR codes could result in the corruption of the device.
The research firm said that they were capable of developing their own attack of this nature.
Lookout Mobile security firm researchers claim to have been able to come up with an attack as of last spring that could compromise Google Glass through the use of QR codes. This functioned extremely simply when the user scanned a malicious barcode.
The vast majority of QR codes are used simply to provide device users with a fast way to link to a website.
However, in this case, the seemingly innocent QR codes caused the device to be hacked. According to the researchers who developed the malicious attack to take advantage of the bug, they have already come up with a fix for the issue. This is important because according to what was reported to Google, the attack could crash the device or force it to connect to a rogue Wi-Fi hotspot that could eliminate the encryption of the communications of the device. It could also send it directly to a malicious website that would allow full control of the device to be handed over to the attacker.
According to Marc Rogers, one of the researchers at Lookout, “Google has set up the device so that Glass scans every photo you take for something interesting.” He added that “While that’s exciting, the fact that Glass can parse photographs opened up a vulnerability. By understanding and reverse engineering the QR codes, we were able to create malicious ones that would silently reconfigure the device.
Rogers went on to describe a situation in which a person could wear a t-shirt that features QR codes that have been maliciously crafted. The result to a passing user of Google Glass is that he or she could be “photobombed”, and the owner of the barcode could attack the device. Similar situations include printed stickers of the barcodes that are placed overtop of innocent ones on billboards and other ads.