Google Glass vulnerable to JavaScript exploit

Google_Glass_Prescription_Lenses_01

There was a security issue back in Android 4.1 that would allow malicious code (specifically JavaScript) to interject itself into apps that created a WebView, which is something typically done when an app opens up a web window to display an external website, ads, etc. Needless to say, that’s a pretty common thing on Android apps. and apparently that potentially dangerous bug is present in Google Glass, too.

Metasploit, a popular vulnerability testing framework, added a new test module that would allow users to test how vulnerable some versions of the Android browser are to being hacked from shell access, and that’s when this exploit was found in Glass. The exploit would involve a man-in-the-middle hijacking that WebView instance, which wouldn’t be too difficult to do if you’re on a public WiFi or anything that isn’t well secured. At that point, the malicious code could do anything from taking photos with your device to remotely turning on your microphone. Definitely not a good thing.

Right now, I don’t think you can really fault Google too much for this. In fact, the whole point of the Glass Explorer program is to get people busy finding serious bugs like this before Glass is released to the public. I’d expect to have this issue resolved long before Google Glass is officially hitting store shelves.

source: Dave Slocombe

via: Android Authority

» See more articles by Jared Peters


Google+2Facebook9Twitter27
  • guest

    Same reason you should not leave a camera or mic connected to your computer: there is nothing but software keeping out every asshole on the internet out of your home! I predict that something similar to Glass but without a camera and mic will be more successful than Glass in the long run…