Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack.
https://exchange.xforce.ibmcloud.com/vulnerabilities/85804
https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/