Incident: Google Glass Security Flaw Allows Unauthorized Data Capture

Published Date: 2013-07-17

Postmortem Analysis
Timeline 1. The software failure incident of the security flaw in Google Glass, which allowed data capture without the user's knowledge, happened around mid-May 2013 [20076].
System 1. Google Glass software version used by Glass owners [20076]
Responsible Organization 1. The software failure incident in Google Glass was caused by a security flaw in Google's Glass software, discovered by researchers at Lookout, a mobile security company [20076].
Impacted Organization 1. Google Glass users were impacted by the software failure incident [20076].
Software Causes 1. The software cause of the failure incident was a security flaw in Google Glass that allowed hackers to capture data being sent from the device to the web without the user's knowledge. The flaw stemmed from the fact that the Glass software would decode and act on any QR code it detected, potentially allowing hackers to manipulate the device's behavior [20076].
Non-software Causes 1. A design decision in Google Glass that let the device connect to a Wi-Fi network based on scanning QR codes, which could be exploited by hackers [20076].
Impacts 1. The software failure incident in Google Glass allowed hackers to capture data being sent from the device to the web without the user's knowledge, potentially compromising sensitive information [20076]. 2. The flaw enabled hackers to manipulate Glass to connect to a Wi-Fi network of the hacker's choosing, allowing them to intercept and view pictures or videos being uploaded by the device [20076]. 3. The vulnerability in Google Glass highlighted the challenges posed by connected devices like Glass, which rely on image recognition for control and lack standard input systems, making them susceptible to unique forms of attacks [20076]. 4. The incident underscored the importance of proactive security measures and continuous monitoring for vulnerabilities in emerging technologies like Google Glass to prevent unauthorized access and data breaches [20076].
Preventions 1. Implementing stricter validation checks on QR codes to ensure they are legitimate and not malicious [20076]. 2. Conducting thorough security testing and audits on the Google Glass software before its release to identify and fix vulnerabilities [20076]. 3. Regularly updating and patching the software to address any newly discovered security flaws [20076].
Fixes 1. Google fixed the security flaw in Google Glass by issuing a software update [20076].
References 1. Researchers at mobile security company Lookout [20076] 2. Marc Rogers, principal security analyst at Lookout [20076] 3. Bluebox Security, a security startup based in San Francisco [20076] 4. Google [20076]
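The preventions above call for stricter validation of scanned QR codes. The following is an added example (not code from the article, Lookout or Google) contrasting the act-on-any-code behaviour described above with a handling policy that ignores incidental codes and never joins a network without confirmation. The "WIFI:" payload format and the frame-coverage threshold are assumptions.

```python
import re

# Constructed sample payloads using the common "WIFI:" QR convention (an
# assumption; the article does not say which format Glass parsed).
BENIGN_QR = "WIFI:T:WPA;S:HomeNet;P:correct-horse-battery;;"
ROGUE_QR = "WIFI:T:nopass;S:FreeGlassWifi;;"

# A code that merely appears somewhere in the picture (a printout in the
# background) is treated as incidental, not as an intentional scan.
MIN_FRAME_COVERAGE = 0.5

WIFI_RE = re.compile(r"^WIFI:(?P<fields>(?:[A-Z]+:[^;]*;)+);$")


def parse_wifi_qr(payload):
    """Parse a WIFI: provisioning payload into a dict; None if malformed."""
    m = WIFI_RE.match(payload)
    if not m:
        return None
    fields = {}
    for item in m.group("fields").rstrip(";").split(";"):
        key, _, value = item.partition(":")
        fields[key] = value
    return fields if fields.get("S") else None  # SSID is mandatory


def auto_join_behaviour(payload, frame_coverage):
    """Behaviour described in the article: act on any decodable code,
    regardless of how much of the frame it occupies."""
    cfg = parse_wifi_qr(payload)
    return ("apply", cfg["S"]) if cfg else ("ignore", None)


def hardened_behaviour(payload, frame_coverage, user_confirmed=False):
    """Policy: require an intentional scan and explicit confirmation.
    Returns (action, reasons) with action in ignore | prompt | apply."""
    cfg = parse_wifi_qr(payload)
    if cfg is None:
        return "ignore", ["not a Wi-Fi provisioning code"]
    if frame_coverage < MIN_FRAME_COVERAGE:
        return "ignore", ["code covers %.0f%% of frame; incidental"
                          % (100 * frame_coverage)]
    reasons = []
    if cfg.get("T", "nopass") == "nopass":
        reasons.append("open network: operator can read all traffic")
    if cfg.get("H", "").lower() == "true":
        reasons.append("hidden SSID")
    if not user_confirmed:
        return "prompt", reasons + ["join requires explicit confirmation"]
    return "apply", reasons
```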

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization a) The software failure incident related to the security flaw in Google Glass was discovered by researchers at Lookout and disclosed to Google, which then fixed the flaw through a software update [20076]. b) Lookout also confirmed the existence of a serious vulnerability in Android potentially affecting 99% of smartphones running the system, which was reported by Bluebox Security, a security startup based in San Francisco. This vulnerability involved a "master key" that could allow hackers to modify the code of a downloadable app to turn it into a Trojan while retaining its old cryptographic signature on the Play store. Google took measures to prevent this, and Lookout confirmed the flaw's existence and rolled out a fix for customers using its software [20076].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase is evident in the discovery of a security flaw in Google Glass by researchers at Lookout. The flaw allowed hackers to capture data being sent from the head-mounted device to the web without the user's knowledge. The flaw stemmed from the design feature of Glass where the camera scans any photo for a QR code to set up Wi-Fi or Bluetooth connections, allowing hackers to manipulate the device through specially crafted QR codes. The flaw was identified by Marc Rogers, principal security analyst at Lookout, who experimented to understand the differences between Glass and its parent smartphone, leading to the discovery of the vulnerability. Google was informed about the flaw, and a software update was released to fix it [20076]. (b) The software failure incident related to the operation phase is highlighted by the fact that the vulnerability in Google Glass was exploitable by simply standing near a printout of a special QR code. This means that ordinary operation of the device, such as taking a photo with the camera, could inadvertently trigger the exploitation of the flaw by an attacker. The flaw allowed hackers to intercept data, direct the device to connect to a malicious Wi-Fi network, and potentially exploit known vulnerabilities in the Android system used by Glass. This operational aspect of the flaw made it possible for attackers to manipulate the device's behavior without the user's knowledge, emphasizing the importance of operational security in mitigating such risks [20076].
Boundary (Internal/External) within_system, outside_system (a) The software failure incident related to the Google Glass vulnerability discovered by Lookout was within the system. The flaw in Google Glass allowed hackers to exploit the device's image recognition feature to manipulate it into connecting to a malicious Wi-Fi network or visiting a compromised website, leading to potential data interception and exploitation [20076]. The vulnerability was inherent to the design and functionality of Google Glass, specifically in how it processed QR codes for setting up connections, highlighting an internal flaw within the system itself.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident related to non-human actions was the security flaw discovered in Google Glass by researchers at Lookout. The flaw allowed data sent from the head-mounted device to the web to be captured without the user's knowledge. The flaw stemmed from the fact that the Glass software would automatically connect to a Wi-Fi network when it detected a QR code, even if the code did not occupy the whole frame. This flaw was not introduced by human actions but was a vulnerability in the software itself [20076]. (b) The software failure incident related to human actions was the discovery by Lookout researchers of a security flaw in Google Glass that could be exploited by hackers. The researchers were able to create a QR code that instructed Glass to connect to a Wi-Fi network of their choosing, allowing them to intercept data being sent from the device. This flaw was disclosed to Google and subsequently fixed through a software update. Additionally, Bluebox Security reported a vulnerability in Android that could allow hackers to modify code in downloadable apps to turn them into Trojans. Google took measures to prevent this, but Lookout confirmed the flaw's existence and rolled out a fix for customers using its software [20076].
Dimension (Hardware/Software) hardware, software
(a) The software failure incident related to hardware:
- The software failure incident involving Google Glass was due to a security flaw that allowed hackers to capture data being sent from the device to the web without the user's knowledge [20076].
- The vulnerability exploited the fact that the Glass camera scans photos for QR codes to set up connections to Wi-Fi networks, indicating a hardware-related feature that was manipulated by the software flaw [20076].
(b) The software failure incident related to software:
- The security flaw in Google Glass, which allowed unauthorized data capture, was a result of a software vulnerability that enabled hackers to manipulate the device's behavior through specially crafted QR codes [20076].
- The flaw was discovered by researchers at Lookout and was disclosed to Google, who subsequently fixed it through a software update, indicating that the root cause of the failure was a software issue [20076].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident related to the Google Glass vulnerability discovered by Lookout researchers was malicious in nature. The security flaw allowed hackers to exploit the QR code scanning feature of Google Glass to gain unauthorized access to the device, intercept data, and potentially hack into the device by directing it to a malicious website exploiting vulnerabilities in the Android system used by Glass. The flaw was intentionally created by the researchers to demonstrate the potential risks associated with connected devices like Google Glass [20076]. (b) The software failure incident was non-malicious in the sense that the researchers at Lookout who discovered the vulnerability did not have malicious intent towards Google Glass or its users. Their objective was to identify and disclose the security flaw to Google so that it could be fixed to prevent potential exploitation by malicious actors. The discovery of the vulnerability was part of ongoing research into security vulnerabilities in connected devices, highlighting the importance of proactive security measures in the rapidly expanding "internet of things" ecosystem [20076].
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions (a) The software failure incident related to the Google Glass vulnerability can be attributed to poor decisions made in the design and implementation of the device's software. The flaw allowed hackers to exploit the QR code scanning feature of Google Glass to gain unauthorized access to the device and potentially compromise user data. This vulnerability was discovered by researchers at Lookout, who were able to manipulate the QR code to direct Glass to connect to a malicious Wi-Fi network and exploit known vulnerabilities in the Android software used by Glass [20076]. (b) The incident can also be seen as a result of accidental decisions or unintended consequences in the development of the Google Glass software. The flaw in the QR code scanning feature, which led to the security vulnerability, was not intentionally designed to be exploited by hackers. It was a result of oversight in the software's functionality, allowing for unauthorized access and potential data breaches [20076].
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident related to development incompetence can be seen in the discovery of a security flaw in Google Glass by researchers at Lookout. The flaw allowed hackers to capture data being sent from the head-mounted device to the web without the user's knowledge. This flaw was due to the fact that the Glass software would decode any QR code it detected, potentially allowing hackers to exploit this feature to gain unauthorized access to the device [20076]. (b) The accidental software failure incident can be observed in the unintentional vulnerability discovered in Android potentially affecting 99% of smartphones running the system. This vulnerability, reported by Bluebox Security, involved a "master key" that could allow hackers to modify the code of a downloadable app to turn it into a Trojan while retaining its old cryptographic signature on the Play store. Google took measures to prevent this, but Lookout confirmed the flaw's existence and rolled out a fix for customers using its software [20076].
Duration temporary The software failure incident related to the security flaw in Google Glass can be categorized as a temporary failure. The flaw was discovered by researchers at Lookout, reported to Google, and subsequently fixed by a software update within two weeks of being reported [20076]. This indicates that the failure was temporary and not permanent, as the contributing factors were introduced by certain circumstances (the vulnerability in the software) and were addressed through a specific fix.
Behaviour omission, value
(a) crash: The software failure incident related to the Google Glass vulnerability did not involve a crash where the system loses state and does not perform any of its intended functions. Instead, it involved a security flaw that allowed unauthorized access and manipulation of data [20076].
(b) omission: The vulnerability in Google Glass allowed for the omission of performing its intended functions securely. The flaw enabled hackers to manipulate the device to connect to a Wi-Fi network of their choosing and potentially access and redirect data without the user's knowledge [20076].
(c) timing: The software failure incident did not involve a timing issue where the system performed its intended functions too late or too early. The vulnerability allowed immediate unauthorized access and manipulation of data once the QR code was detected by the Glass software [20076].
(d) value: The software failure incident related to the Google Glass vulnerability falls under the category of a failure due to the system performing its intended functions incorrectly. The flaw allowed the device to be manipulated to connect to unauthorized Wi-Fi networks and potentially expose sensitive data to hackers [20076].
(e) byzantine: The software failure incident did not exhibit behavior characteristic of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The vulnerability in Google Glass allowed for a specific type of unauthorized access and data manipulation, rather than erratic or inconsistent behavior [20076].
(f) other: The software failure incident related to the Google Glass vulnerability can be categorized as a security vulnerability that allowed for unauthorized access and manipulation of data, which could potentially lead to privacy breaches and exploitation of the device's features [20076].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence theoretical_consequence The consequence of the software failure incident described in the articles is primarily categorized under the option: (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur. The articles discuss the potential consequences of the security flaw in Google Glass, such as unauthorized data capture, exploitation of vulnerabilities, and the ability to hack into the device. While these vulnerabilities were identified and reported by researchers, there is no specific mention of actual harm, death, property loss, or other tangible consequences resulting from the software failure incident.
Domain information (a) The software failure incident reported in the articles is related to the information industry. The vulnerability discovered in Google Glass by Lookout researchers allowed for the capture of data being sent from the head-mounted device to the web without the user's knowledge [20076]. This incident highlights the importance of security in the production and distribution of information.
