J
Jared Peters
Guest
There was a security issue back in Android 4.1 that would allow malicious code (specifically JavaScript) to interject itself into apps that created a WebView, which is something typically done when an app opens up a web window to display an external website, ads, etc. Needless to say, that’s a pretty common thing on Android apps. and apparently that potentially dangerous bug is present in Google Glass, too.
Metasploit, a popular vulnerability testing framework, added a new test module that would allow users to test how vulnerable some versions of the Android browser are to being hacked from shell access, and that’s when this exploit was found in Glass. The exploit would involve a man-in-the-middle hijacking that WebView instance, which wouldn’t be too difficult to do if you’re on a public WiFi or anything that isn’t well secured. At that point, the malicious code could do anything from taking photos with your device to remotely turning on your microphone. Definitely not a good thing.
Right now, I don’t think you can really fault Google too much for this. In fact, the whole point of the Glass Explorer program is to get people busy finding serious bugs like this before Glass is released to the public. I’d expect to have this issue resolved long before Google Glass is officially hitting store shelves.
source: Dave Slocombe
via: Android Authority
Come comment on this article: Google Glass vulnerable to JavaScript exploit
Visit TalkAndroid for Android news, Android guides, and much more!
News via TalkAndroid