Google Glass vulnerable to Wi-Fi attacks, says Symantec
Google Glass is still vulnerable to attacks via Wi-Fi, according to Symantec. This comes just after the search giant patched a QR-code vulnerability that was made public earlier this week.
In a blog titled "Google Glass still vulnerable to Wi-Fi hijacking despite QR photobombing patch," Symantec threat researcher Candid Wueest noted that a hacker could impersonate a known Wi-Fi network with just $100 worth of hardware to potentially hijack Google Glass's network traffic.
Wueest was referring to the Wi-Fi Pineapple, a portable hot-spot tool used by penetration testers and other security professionals. This tool exploits the behavior of wireless devices which constantly probe their surroundings for a known Wi-Fi access point for Internet connectivity. By masquerading as the wireless network being sought after, the Wi-Fi Pineapple can position itself into a classic man-in-the-middle attack to do session hijacking or sniffing.
To be clear, the problem isn't actually limited to Google (NASDAQ: GOOG) Glass; any Wi-Fi enabled product is also potentially vulnerable to this attack vector. As opposed to a laptop though, Google Glass does carry a heightened risk profile, as it is always on.
The Fierce Take: This is a somber reminder to enterprises that a robust Wi-Fi network takes more than just installing a few Wi-Fi access points around the office. Indeed, a proper deployment should include configuring it for proper authentication, as well as setting up a WIDS (Wireless Intrusion Detection System) and a WIPS (Wireless Intrusion Prevention System), among other protections.