Earlier this week, an exploit surfaced by way of Lookout Mobile Security that would allow Google Glass to be controlled by a hacker using malicious QR codes. This was quickly – and quietly – patched, but another threat remains, one that extends beyond Glass and could facilitate data theft: a WiFi-based vulnerability that utilizes a man-in-the-middle attack to get the device to connect to a malicious wireless network.
This information comes from Symantec, which refers to a device called a Wi-Fi Pineapple that functions by impersonating a wireless network that a device – such as Glass – has already connected to in the past. It does this by using the network’s SSID. So, for example, if Glass had previously connected to a network called My Awesome WiFI, the Pineapple could impersonate that SSID while instead broadcasting a malicious network.
This takes advantage of a feature that most devices have, whereby they remember a network they have previously connected to and stay on the lookout for it. The result of this is convenient – the device will automatically connect to a recognized network, removing the hassle. It is also where the vulnerability lies, and users should be aware of it, says Symantec.
Of course, this problem could affect any device that does this, but Glass is said to make avoiding this problem more difficult due to the way its interface works, sans any input devices like a keyboard. Glass will find a network it recognizes and connect to it, and the user may never notice anything off about it.
Although the problem is known, figuring out a solution that works to avoid this kind of potential attack is more complicated, with Symantec saying that things like utilizing MAC addresses are still vulnerable. For now, users are advised that the “practicable solution” is to act like any network can be malicious, and to either utilize encryption or a VPN.
SOURCE: Tech Hive