Communications of the ACM
Symantec: Google Glass Still Vulnerable to Wi-Fi Attack
Just after Google had patched a known vulnerability in its Google Glass wearable computer, Symantec found the device is vulnerable to network-spoofing man-in-the-middle attacks.
Credit: ReluctantHabits.com
Just days after Google announced that it had patched a QR code vulnerability affecting its Google Glass wearable computer, Symantec says it has discovered another vulnerability affecting the device.
Symantec found that Google Glass, like other Wi-Fi devices, is vulnerable to network-spoofing man-in-the-middle attacks, which can be carried out with devices such as the Wi-Fi Pineapple. The Pineapple and similar devices intercept signals from Wi-Fi devices seeking known networks to connect to, and impersonate the service set identifier of that network, tricking the device into connecting. The attacker can then monitor the traffic sent over that connection and view it directly if it is unencrypted.
Users of laptops and mobile devices can usually offset this risk by using a virtual private network (VPN), but the keyboard-less interface of Google Glass makes such a solution problematic. Another possible solution is to have devices check the media access control (MAC) address of a Wi-Fi router before it connects, but MAC addresses also can be spoofed.
"The more practicable solution is to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN," says Symantec's Candid Wueest.
From IDG News Service
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found