Tuesday, July 23, 2013

Google Glass Vulnerable to Wifi Attack According to Symantec

Symantec has uncovered another vulnerability within the Google Glass platform while testing in its labs.  The article was published on Tech Hive earlier this week.

The initial vulnerability was related to QR codes, the patchwork UPC-like patterns that can transfer information, such as a website, when scanned off a product, poster or periodical. Google Glass would scan a malicious QR code which would redirect the user to a website hosting a known Android 4.04 vulnerability which would give the host complete control over the device. That issue has since been patched.

The new vulnerability that was discovered relates to auto-connecting to known networks that a user has used before. This is something almost all wireless devices do as a convenience to the user. Unfortunately that convenience comes at the price of vulnerability. For as little as $100 a hacker can purchase a device that impersonates the known network and imitates it's SSID. This causes the user's device to automatically connect to the hacker's network without knowing.

A common scenario is your device will search for a WiFi hotspot. It will find the network, which may look to be a known WiFi connection, like Starbucks or AT&T, but it would be a spoofed network in disguise.  Your device would then connect to the malicious hotspot. Once you're connected to the device it will allow you to connect to the internet where it will be between you and the server you are accessing. This allows the device to spy on any and all unencrypted traffic going over the connection and is known as a man-in-the-middle attack (MITM).

This, of course, is not limited to just Google Glass. It can be an issue for any device connecting to a known network such as a coffee shop, library, or even your own network. The best deterrent for this that more and more people are turning to is running a VPN service. This way, even if the device is able to have you connect through it, the information being sent and received is unreadable. Effectively making you safe from possible MITM attacks.

The news highlights that even the latest technologies are vulnerable to such rudimentary attacks and additional steps should be taken to protect yourself. Running security software such as GoTrusted is one way to provide the protection you need from these kinds of MITM attacks, as well as the myriad of other systems hackers are actively using.