Data Storage Today HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR THURSDAY JANUARY 19

Close Search Box
Data Storage Today
PERSONAL TECH
Symantec Warns Google Glass Still Vulnerable to WiFi Hackers
Posted July 21, 2013
Symantec Warns Google Glass Still Vulnerable to WiFi Hackers
Next Story
EARLIER
Locket Unlocks Free Money for Android Users
THIS STORY
Symantec Warns Google Glass Still Vulnerable to WiFi Hackers
Next Story
LATER
Report: Apple Exploring Larger Mobile Screens
YOU ARE HERE:   HOME arrow PERSONAL TECH arrow THIS STORY
NEWS OPS

By Jennifer LeClaire. Updated July 21, 2013 4:20PM

SHARE

ALSO SEE

The risks to Google Glass aren't over just yet. Despite the QR patch, Symantec is reporting that the innovative wearable technology is still vulnerable to WiFi hackers.

Here's the backstory: Earlier this week, Lookout analyzed how Google Glass could be manipulated using malicious QR codes. According to Symantec, wearable devices by their nature can open up new attack vectors because the user interacts with them differently.

Lookout reported that taking a photo of a QR code could cause Glass to silently connect to a potentially malicious WiFi access point. Symantec's Candid Wueest said that gives the word photobombing a whole new meaning. Glass doesn't support all general QR codes, she explained, but does use them for reconfiguring the device's preferred WiFi access point.

QR Codes Just One Attack Vector

"Once the Google Glass device connects to the access point of an attacker, the attacker can sniff all the traffic or even redirect users of the device to a malicious Web site," she wrote in a blog post. "Fortunately, Google is aware of this issue and have already fixed it -- so you don't have to keep looking away from QR codes while taking pictures."

But QR codes are not the only potential way to takeover Glass. In fact, Symantec is reporting there are far easier ways to get a mobile device connected to a rogue WiFi access point. Because many people have WiFi enabled all the time on their smartphones, Wueest said, the devices constantly probe the surroundings to see if there is a known access point to connect to.

"Similar behavior is expected in new wearable devices to make it easier for them to connect to the Internet. However, there is software available that will impersonate any network that a device searches for, and this software is quite easy to use," she warned. "You can even buy a small device called WiFi Pineapple that will do all the work for you."

Malicious WiFi Pineapples

Wueest offered an example: Suppose your smartphone is configured to always connect to your home WiFi network with the SSID name "myPrivateWiFi." Now, she continued, imagine you take this smartphone to your local coffee shop where an attacker has installed a malicious WiFi Pineapple.

"When your device searches for "myPrivateWiFi," the attacker's WiFi Pineapple will simply answer the probe request and pretend to be that specific network," she said. "From that point on classic man-in-the-middle attacks, such as session hijacking or sniffing, can be performed. Such attacks can be executed without the device having to recognize any QR code. So even with Google's patch against QR photobombing, Glass remains vulnerable to WiFi hijacking."

Wueest said WiFi hijacking issue is not trivial to solve: Users want a smooth experience that works seamlessly, without the hassle of pairing the devices each time they use a WiFi hotspot. Remembering the MAC (media access control) addresses of the regularly-used access points together with the SSID could help in some instances, she said, but it reduces the seamless experience users desire when roaming.

"In addition, MAC addresses can be easily spoofed by the WiFi Pineapple," Wueest concluded. "The more practicable solution to WiFi hijacking is to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN. That way you don't have to worry about where you are or what you are looking at, but instead can relax and enjoy the sunshine."

Tell Us What You Think
Comment:

Name:

MORE IN PERSONAL TECH

Next Article >

NETWORK SECURITY SPOTLIGHT
This Spotlight
Is Brought to You By:

INSIDE DATA STORAGE TODAY NETWORK SITES SERVICES BENEFITS