Photobombs made from the black and white square barcodes could cause problems for device wearers.
Google Glass owners may want to be careful where they aim their new headsets, as researchers have now discovered that scanning the wrong QR codes could result in the corruption of the device.
The research firm said that they were capable of developing their own attack of this nature.
Researchers at Lookout Mobile Security claim to have come up with an attack, as of last spring, that could compromise Google Glass through the use of QR codes. The attack worked very simply: it was triggered when the user scanned a malicious barcode.
The vast majority of QR codes are used simply to provide device users with a fast way to link to a website.
However, in this case, the seemingly innocent QR codes caused the device to be hacked. According to the researchers who developed the attack to take advantage of the bug, they have already come up with a fix for the issue. This is important because, according to what was reported to Google, the attack could crash the device or force it to connect to a rogue Wi-Fi hotspot that could strip the encryption from the device's communications. It could also send the device directly to a malicious website that would hand full control of the device over to the attacker.
According to Marc Rogers, one of the researchers at Lookout, “Google has set up the device so that Glass scans every photo you take for something interesting.” He added that “While that’s exciting, the fact that Glass can parse photographs opened up a vulnerability. By understanding and reverse engineering the QR codes, we were able to create malicious ones that would silently reconfigure the device.”
Rogers went on to describe a situation in which a person could wear a t-shirt that features maliciously crafted QR codes. A passing Google Glass user could then be “photobombed”, allowing the owner of the barcode to attack the device. Similar situations include printed stickers of the barcodes that are placed over the top of innocent ones on billboards and other ads.
False Android applications are becoming much more common in official marketplaces.
When it comes to mobile security, malware and other related issues can appear in some of the places that you’d least expect them, including many seemingly harmless apps that can bring about a world of problems to their users.
Although many device users feel safe when they stick to official marketplaces, they may not be as secure as they think.
In the universe of fake Android apps, it used to be the case that they were primarily found in sketchy underground forums. However, there is now also a swath of “unauthorized” applications appearing in official marketplaces, and these are leading to mobile security issues for those who download and install them.
These mobile security threats aren’t typically malware in the most traditional sense of the word.
Though some may contain an Android Trojan that will download additional apps onto a device or alter its normal operation, others can slip in undetected and collect the user’s personal data, only to send it to the developer’s remote servers. Many of them use the old “bait and switch” technique: users believe they are downloading one kind of app, only to discover that they have received something primarily designed to keep a ton of ads constantly on display or to change the home screen around.
Unless absolutely necessary, it’s wise not to check off the option to install apps from “unknown sources” on an Android device. Ignoring this advice can create a tremendous number of mobile security problems. Though it is necessary to check that box when testing a legitimate app that is currently under development, it is extremely unwise to take that step in order to try to obtain pirated content. In those cases, you never know what you’re actually installing onto your device.
It is also a good idea for mobile security to check the developer, as a number of apps are being produced that look legitimate, but that are clearly not from official sources. For instance, there are dozens of games that look like they have Disney titles, but where Disney is not the developer. Moreover, it is important to note that BlackBerry is now the company name, not RIM, as unethical developers are trying to trick people who were not aware of the change.