Google Glass hacked with malicious QR code to yield its pictures and video

Lookout Security discovers flaw in early software on Google head-mounted system which lets it take control of data coming from wearable system.
Researchers at mobile security company Lookout discovered a security flaw in Google Glass which allowed them to capture data being sent from the head-mounted device to the web without the user's knowledge.
The flaw used the fact that the head-mounted Glass camera scans any photo it takes for a QR code in order to set up Wi-Fi or Bluetooth connections to a smartphone for internet access.
Whenever the Glass software detects a QR code, it decodes it to see if it names a Wi-Fi network to connect to. It will do this even if the code does not occupy the whole of the frame - so a hacker could get a Glass owner to hack their own device just by standing near a printout of special QR code.
"We created a QR code that told Glass to connect to a Wi-Fi network of my choosing and started sending data to that," Marc Rogers, principal security analyst at Lookout, told the Guardian. "We could become the middleman, and if we needed to strip out the encryption on the connection. Then we could see the pictures or video that it's uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4" - used by Glass - "which hacked Glass at it browsed the page."
Rogers says that he discovered the flaw - which was disclosed to Google, and has since been fixed by a software update - on 17 May after about a week of experimentation. "I tried to work out where it was different from its parent smartphone," he said.

Source: https://www.guardian.co.uk/technology/2013/jul/17/google-glass-hacked-vulnerability-image