Sign In

Communications of the ACM

ACM TechNews

Symantec: Google Glass Still Vulnerable to Wi-Fi Attack


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Google co-founder Sergei Brin wearing Google Glass.

Just after Google had patched a known vulnerability in its Google Glass wearable computer, Symantec found the device is vulnerable to network-spoofing man-in-the-middle attacks.

Credit: ReluctantHabits.com

Just days after Google announced that it had patched a QR code vulnerability affecting its Google Glass wearable computer, Symantec says it has discovered another vulnerability affecting the device.

Symantec found that Google Glass, like other Wi-Fi devices, is vulnerable to network-spoofing man-in-the-middle attacks, which can be carried out with devices such as the Wi-Fi Pineapple. The Pineapple and similar devices intercept signals from Wi-Fi devices seeking known networks to connect to, and impersonate the service set identifier of that network, tricking the device into connecting. The attacker can then monitor the traffic sent over that connection and view it directly if it is unencrypted.

Users of laptops and mobile devices can usually offset this risk by using a virtual private network (VPN), but the keyboard-less interface of Google Glass makes such a solution problematic. Another possible solution is to have devices check the media access control (MAC) address of a Wi-Fi router before it connects, but MAC addresses also can be spoofed.

"The more practicable solution is to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN," says Symantec's Candid Wueest.

From IDG News Service
View Full Article

 

Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
ACM Resources