Google Glass can be hacked via JavaScript code due to security flaw

Google Glass can be hacked via JavaScript code due to security flaw
It seems that Google Glass is susceptible to MitM (Man in the Middle) hack attacks due to a JavaScript security hole. Recent tests showed that malicious 3rd party Javascript code can be executed on Google's wearable gadget. Any app that is compiled for pre-Jelly Bean versions of Android can exploit 'addJavascriptinterface()' - a function that normally "allows you to inject Java objects into a page's JavaScript context, so that they can be accessed by JavaScript in the page". Unfortunately, the aforementioned function is broken when used under Android 4.1 API 16 or below, which means that wrongdoers can manipulate it and execute maliciuos Java code through WebView without any permission.


The first edition of Google Glass runs Android 4.0.4, which means that the wearable gadget can be easily hacked into if wrongdoers decide to exploit the flaw. According to Google's documentation about the addJavascriptinterface() function, it "is a powerful feature, but also presents a security risk for applications targeted to API level JELLY BEAN or below, because JavaScript could use reflection to access an injected object's public fields". Additionally, the company admits that "use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways".

MWR Labs, a security company, states that the addJavascriptinterface() issue was discovered back in December 2012. The company also advises all Android users to "remove any and all applications that embed advertisements", because they usually connect to untrusted networks and pose security risks.

source: GitHub, Android via AndroidAuthority

FEATURED VIDEO

5 Comments

1. NokiaFTW

Posts: 2072; Member since: Oct 24, 2012

Another day, another malware attacking Android

2. hafini_27

Posts: 948; Member since: Oct 31, 2013

Really?

3. sprockkets

Posts: 1612; Member since: Jan 16, 2012

All google glass users got a free upgrade to the newer revision of hardware, so they can be updated past 4.3. Nice try though brainless microsoft wp troll.

4. LAFN

Posts: 61; Member since: Jul 19, 2009

What if someone hacked these things and forced the display to flash some sequence of colors that could cause someone to go dizzy, or have a heart attack?

5. wilsong17 unregistered

lol another media hoax

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.