Security firm Lookout Mobile exposed a potential weakness in Google Glass headsets, using QR codes hidden in images picked up by the device to crash its system and even take control of it, as reported in Forbes today.
Google Glass is designed to automatically scan photographs it captures for information such as QR codes, allowing Lookout Mobile to ‘photobomb’ the rogue QR codes into images captured by the device. By hiding the QR codes in photographs (such as on a t shirt worn by someone in the background of a shot or a sticker placed over a legitimate QR code on a product) Lookout Mobile researchers were able to remotely reconfigure the device.
Since reporting the bug in mid May Lookout has subsequently worked with Google, developing a patch that solved the problem two weeks later. With the new update Google Glass will only read QR codes in specific situations such as when the user is selecting a wifi network, rather than by default.
While Google Glass is currently only available in limited quantities it is suspected it will become a target for hackers upon wider release due to the potential such a device has to invade privacy and gather sensitive information.