Everyday objects are being transformed by the addition of
sensors that enable them to interact with the world,
processors that enable them to think about it,
and network interfaces that allow them to to talk about it.
The beneﬁts that these intelligent, connected devices bring to
our lives are almost too numerous to count.
You can control the temperature in your home from your phone
with a programmable thermostat.
You can ask your car for directions as you drive.
You can check your email from your game console.
As they connect to each other, sharing what they see, hear, and know,
these new intelligent, thinking devices are driving a second Internet Age.
But when we give these things intelligence and senses,
we also fundamentally change their nature.
Mundane objects that were once familiar and unremarkable from a security
perspective have suddenly become the keepers of sensitive personal information.
For example, the traditional thermostat hanging on the wall held little attraction to
cybercriminals. A connected thermostat — that can tell whoever controls it how many
people live in a house, what technology connects to their network, and, most seriously,
when the house is unoccupied — is an attractive target.
As we change the nature of things, identifying
vulnerabilities and managing updates quickly and
eﬃciently will be paramount.
Connected things need to be thought of as software when it comes
to security, and Google Glass is the perfect example.
We found that Google Glass
carries out a QR code without
you ever having to tell it to.
In theory, this is an awesome idea.
In the future, you could buy a
cup of coﬀee just by looking
at a menu, or if you were in a
foreign country, the menu
would automatically translate
to your language if you had
But it takes control away from you, and opens a
window of opportunity for an attacker.
Exposing sensitive data or
conﬁguration settings should
only happen at the wearer’s
While it’s useful to conﬁgure your Glass QR code and easily connect to wireless networks, it’s
not so great when other people can use those same QR codes to tell your Glass to connect to
their WiFi Networks or their Bluetooth devices.
this is exactly
what we found.
Glass was hacked by the image of a malicious QR code. Both the vulnerability and its method
of delivery are unique to Glass as a consequence of it becoming a connected thing.
Lookout recommended that Google limit QR code execution to
points where the user has solicited it.
We disclosed our ﬁndings to Google on May 16.
Everything is OK
Google clearly worked quickly to ﬁx the vulnerability as
the issue was ﬁxed by version XE6, released on June 4th.
Google made changes that reﬂected this recommendation.
This responsive turnaround indicates the depth of
Google’s commitment to privacy and security for
this device and set a benchmark for how connected
things should be secured going forward.
Embedded hardware developers should take a page out of
Google’s vulnerability management process and approach
wearables, connected things and anything with a sensor with the
same mindset that Google is currently treating Glass.
Just as pressing, in our connected world, security and updates
must be baked into these new devices from the start.
Companies with roots in software engineering will understand
this, while many others may struggle with the unfamiliar issues
and sheer complexity of managing millions of things.
Because a wide array of traditionally mundane items are being connected, many
companies creating connected devices are unfamiliar with the potential dangers they
may be creating for users by failing to act when vulnerabilities arise.
At least four models of insulin pump sold by the manufacturer
Medtronic were vulnerable to wireless attack.
In 2011, Jerome Radcliﬀe discovered that
An insulin pump is an intelligent, connected medical device that
replaces the more traditional syringe method of delivering insulin.
The insulin pump most often works in conjunction with a continuous glucose monitor, a
device with multiday sensors that continuously measures blood glucose levels, passing the
telemetry on to an insulin pump so it can calculate how much insulin to deliver.
This is where the wireless connectivity comes in handy.
Allowing the insulin pump and monitor to talk wirelessly is much more
convenient for the wearer, reducing the number of wires and expanding the
range of devices that can monitor the patient’s well-being.
This is also where the security vulnerability is found.
In designing the way these devices communicate, the only security measure implemented
by the manufacturer was the need to use a valid serial number when communicating. This
means an attacker who uses radio equipment to monitor the traﬃc between a patient’s
monitor and insulin pump can replay that traﬃc, disabling the insulin pump or, even
worse, fooling the insulin pump into delivering incorrect dosages of medicine.
As a consequence, two years on, the Medtronic
Paradigm 512, 522, 712, and 722 insulin pumps
remain vulnerable to wireless attack.
Radcliﬀe disclosed his ﬁndings to Medtronic who ultimately denied that
they were a major concern due to the fact that there was no sign of the
issues being exploited in the wild and due to the fact that they felt it would
be technically diﬃcult for a malicious party to carry the attacks out.
In a world where computing is getting closer to our physical
selves, companies incorporating sensors into their devices
can’t aﬀord a failure of imagination, or a vulnerability
The fact is, there’s an existential question when it
comes to the connected world:
Do you put out
something that makes
life inﬁnitely easier?
Do you hold back
and make sure it’s
It’s going to take a new kind of imagination for every
hardware and software company to secure the next
generation of devices. We can do this.
Read more about our approach to securing the connected world at
Keep in touch with