The following is a quote from a PC Mag article about a security vulnerability that was found in Google Glass.
“On the face of it, it’s a really exciting development,” said Rogers. “But the issue is the moment Glass sees a command code it recognizes, it executes it.” With this knowledge, Lookout was able to produce malicious QR codes that forced Glass to perform actions without the user’s knowledge.
I really want to know how this feature happened. I have this mental picture of some guy in a room of engineers going, “Hey guys, I have a brilliant idea…” and then following that with the suggestion that they make the Glass software auto-execute commands from QR codes.
This is probably not the last incident we’ll hear like this. Technology is becoming more portable and, in the case of Google Glass, more personal. This, I think, is going to necessitate a culture more aware of information security. Which, in my opinion, is good. I think that a culture that’s more aware of such things ultimately will choose companies who share their views. That, I think, eventually leads to fewer companies being able to get away with providing a less than excellent product to their customers.
To their credit, Google handled this issue pretty swiftly after it was reported to them. Software flaws happen. Bad features get implemented. What counts is how you respond when it’s obvious you have a flaw or a bad feature.