Unintended, malicious and evil applications of augmented reality
by Gregory Conti, Edward Sobiesk, Paul Anderson, Steven Billington, Alex Farmer, Cory Kirk, Patrick Shaffer, and Kyle Stammer - Tuesday, 12 February 2013.
For anybody wearing the glasses, text messaging or advertising alerts and similar interruptions would be very distracting and dangerous. You’ve likely seen, on many occasions, drivers attempting to use their cell phones and their resultant erratic driving. Augmented reality devices encourage such “multitasking” behavior at inappropriate times. The results will not be pretty.


People today do stupid things (see the movie Jackass for textbook examples), and in the future, people will continue to do stupid things while wearing augmented reality glasses. One commenter on Google’s YouTube video, PriorityOfVengence1, suggested that someone might even commit suicide wearing Google Glasses.

The context of this comment refers to the end of the video when the main character is on a roof video chatting with his girlfriend and says “Wanna see something cool?” PriorityOfVengence1’s comment received over sixty thumbs up in just three days. While some might laugh at the comment, it highlights a disturbing potential reality. What if people spiraling into depression began streaming their suicide attempts by way of their glasses? It is certainly possible -- this and many other variations of augmented reality voyeurism should be anticipated.

Untrusted reality

The focus of this article is on user applications that behave in accordance with the user’s wishes. However, if we expand our assumptions to allow for malicious software, options become even more interesting. With malicious software on the augmented reality device, we lose all trust in the “reality” that it presents. The possibilities are legion, so we will only suggest a few. The glasses could appear to be off, but are actually sharing a live video and audio feed. An oncoming car could be made to disappear while the user is crossing the street. False data could be projected over users’ heads, such as a spoofed facial recognition match from a sexual offender registry. For related malware research on today’s mobile technology see Percoco and Papathanasiou’s “This is not the droid you’re looking for...” from DEFCON 18 to begin envisioning additional possibilities.


The era of ubiquitous augmented reality is rapidly approaching and with it amazing potential and unprecedented risk. The baser side of human nature is unlikely to change nor the profit oriented incentives of industry. Expect the wondrous, the compelling, and the creepy. We will see all three. However, we shouldn’t have to abdicate our citizenship in the 21st Century and live in a cabin in Montana to avoid the risks augmented reality poses.

As security professionals we must go into this era with eyes wide open, take the time to understand the technology our tribe is building, and start considering the implications to our personal and professional lives before augmented reality is fully upon us. To live in the 21st Century today online access, social networking presence, and instant connectivity are near necessities. The time may come when always on augmented reality systems such as Google Glasses are a necessity to function in society; before that time however we must get ahead of the coming problems. The first few kids who walk into their SAT exams wearing augmented reality glasses and literally see the answers are going to open Pandora’s Box.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th