x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Google Glass can be hacked via JavaScript code due to security flaw

Google Glass can be hacked via JavaScript code due to security flaw

Google Glass can be hacked via JavaScript code due to security flaw
It seems that Google Glass is susceptible to MitM (Man in the Middle) hack attacks due to a JavaScript security hole. Recent tests showed that malicious 3rd party Javascript code can be executed on Google's wearable gadget. Any app that is compiled for pre-Jelly Bean versions of Android can exploit 'addJavascriptinterface()' - a function that normally "allows you to inject Java objects into a page's JavaScript context, so that they can be accessed by JavaScript in the page". Unfortunately, the aforementioned function is broken when used under Android 4.1 API 16 or below, which means that wrongdoers can manipulate it and execute maliciuos Java code through WebView without any permission.

"JavaScript interacts with Java object on a private, background thread of this WebView. Care is therefore required to maintain thread safety." - the documentation for the function states.

The first edition of Google Glass runs Android 4.0.4, which means that the wearable gadget can be easily hacked into if wrongdoers decide to exploit the flaw. According to Google's documentation about the addJavascriptinterface() function, it "is a powerful feature, but also presents a security risk for applications targeted to API level JELLY BEAN or below, because JavaScript could use reflection to access an injected object's public fields". Additionally, the company admits that "use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways".

MWR Labs, a security company, states that the addJavascriptinterface() issue was discovered back in December 2012. The company also advises all Android users to "remove any and all applications that embed advertisements", because they usually connect to untrusted networks and pose security risks.

source: GitHub, Android via AndroidAuthority

5 Comments
  • Options
    Close




posted on 07 Feb 2014, 09:27 2

1. NokiaFTW (Posts: 2058; Member since: 24 Oct 2012)


Another day, another malware attacking Android

posted on 07 Feb 2014, 10:03 3

2. hafini_27 (Posts: 301; Member since: 31 Oct 2013)


Really?

posted on 07 Feb 2014, 11:59 1

3. sprockkets (Posts: 1356; Member since: 16 Jan 2012)


All google glass users got a free upgrade to the newer revision of hardware, so they can be updated past 4.3.

Nice try though brainless microsoft wp troll.

posted on 07 Feb 2014, 12:15 1

4. LAFN (Posts: 47; Member since: 19 Jul 2009)


What if someone hacked these things and forced the display to flash some sequence of colors that could cause someone to go dizzy, or have a heart attack?

posted on 07 Feb 2014, 13:36

5. wilsong17 (Posts: 1088; Member since: 10 Mar 2013)


lol another media hoax

Want to comment? Please login or register.

Latest stories