Google Glass hacked, could be used for spying
Posted on 03 May 2013.
The advent of Google Glass - the Augmented reality, head-mounted display that looks like a pair of glasses (albeit a little more high-tech) and allows users to access information and record everything they see and hear - has people worried about their privacy.


So far, only developers and certain consumers who were admitted into the early adopter program have had the chance to test the device, and among them is technology consultant and Android hacker Jay "saurik" Freeman, who discovered that hacking Google Glass (the "Glass Explorer Edition") and using it to spy on the wearer is not that difficult for those who know what they are doing and have physical access to the device.

According to a very long post in which he explained the technical details of how to do it, he showed that a number of things conspired to make the device vulnerable and "rootable." In short, a malicious individual can easily put the device into Debug Mode using the Settings panel and then use adb access and an exploit to get root access to it.

"Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head. A bugged Glass doesn't just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do," he writes. "The only thing it doesn't know are your thoughts."

He also pointed out that Glass can record the passwords, PINs, door codes and other similar things the user types or writes by hand.

In the wake of the post, a Google engineer commented that they intentionally left the device unlocked so that testers could "play" with it and hack it, and another took umbrage at Freeman's reference to "rooting" the device, pointing out that "It's not rooting if they let you do it on purpose!"

Freeman responded that "as long as engineers, advocates, and officers from Google make statements like these without carefully looking into the facts first, it will not be possible to have any kind of reasonable and informed discussion about this system."

"The doors that Google is attempting to open with Glass are simply too large, and the effects too wide-reaching, for these kinds of off-the-cuff statements to be allowed to dominate the discussion," he pointed out, and added a few ideas on how to solve some of the problems that he perceived with the device and its use.

"We recognize the importance of building device-specific protections, and we're experimenting with solutions as we work to make Glass more broadly available. It's also important to understand that Glass doesn’t access many parts of a Google Account, including settings or many products. And your personal MyGlass site allows you to change the content that you see on Glass or, if you misplace it, wipe all the data off your device," Google officially commented.

To be fair, this version of Glass is surely not the one that will end up in production and on the nose of consumers. That's why they have the testing program, so that any potential problem might be solved beforehand.









Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //