Security research firm Lookout has discovered a Google Glass vulnerability that allowed hackers to use QR codes to take control of the wearable device. The vulnerability has already been patched by Google, clearing the way for Lookout to detail how the exploit worked. Using a "malicious" QR code, Lookout was able to force Glass to silently connect to a Wi-Fi access point, which let the researchers view all of the data flowing to and from the device. When combined with an Android 4.0.4 web vulnerability, the hack apparently gave researchers full control of the Glass headset. It's worth noting that this method relied upon a number of factors, and was extremely unlikely to see widespread use.
As SlashGear reports, Glass's QR code issues center on the way Google asks users to set up their device. Prior to the update, Glass would silently and automatically act on QR codes in images taken with the headset's built-in camera. While this made setting up Glass slightly easier than navigating through a vast number of menus, it also left the door open. It's good to see Lookout and Google working together to quietly fix Glass issues before they reach the public domain, but the exploit also highlights the challenges that Google will face to keep its entirely-new hardware secure when the device hits the mainstream.