Google Glass gets Cracked, More Security Issues Arise

When a reviewer, blogger, or practically anyone else familiar with the latest Google?s Glass gadget talks about it, it is practically inevitable that the question of the privacy will pop up at some point. It just goes to show how controversial it really is. Many reviewers have already noted that there is no recording light of any sort while the device is filming something, and it can be used to record videos, photos or anything else without the other people knowing what is going on. Some businesses went as far as to ban the usage of the device before it even jumped into the mass market. But the worst part is yet to come: someone else can do it too – without the owner?s knowledge.

As many Glass developers already know, Google has left the device ?open? ? unlocked in a way so people can play with it as much as they want. Essentially ? to test it out to the limits. An unnamed exploit originally made, or rather implemented by the hacker Bin4ryDigit was used by Jay Freeman (also known as Saurik, creator of the Cydia software application for the iOS) to get the root access on Glass. Being a resourceful developer, and a man who likes to tinker with gadgets, he tweeted the following just as he got his device:

Saurik notes that it takes him less than five minutes to hack the device, and after the process is complete, he can install a custom OS that stealthily monitors everything the device does, hears or sees. Problem with this is the possibility that anyone can do it. ?This exploit is simple enough that you can pull it off with just a couple files, and without any specialized tooling,? Saurik noted this week in his fantastic article about the feat. Not only that the problem is that anyone can do it in a brief period of time, Glass itself is left extremely vulnerable:

?Sadly, due to the way Glass is currently designed, it is particularly susceptible to the kinds of security issues that tend to plague Android devices. The one saving grace of Android’s track record on security is that most of the bugs people find in it cannot be exploited while the device is PIN-code locked. Google’s Glass, however, does not have any kind of PIN mechanism: when you turn it on, it is immediately usable.?

Saurik went on to say how people won?t wear the device the whole time, and once left alone ?it is easy to put the device into Debug Mode using the Settings panel and then use adb access to launch into a security exploit to get root.? Attack doesn?t even require a computer, another Android device is all it takes to perform it. What can be done afterwards is possibly devastating, as the attacker can have even more options and power than if they had access to user’s computer or a phone. He has a clear access to a camera and a microphone on the user?s head, and he can see all the PINs, all the passwords and so forth.

It is not even difficult to notice the possibility of the industrial espionage, as many Google employees are wearing the Glass everywhere. Security of this gadget surely needs to improve before it enters the mass market, and that will likely be the case. Saurik did give a word or two of advice as to what Google ought to do in order to increase the security level of their gadget: ?they should have some kind of protection on your Glass that activates when you take it off (?) it might be possible to use some kind of eye-based biometric (?) voiceprint (?) Otherwise, a simple PIN code would suffice.? Rest of Saurik?s thoughts are certainly worth a read (including the scolding of the Google engineers, advocates, and officers due to lack of serious approach to the matter), and the text can be found on the link.

Curiously, at the similar point in time (few days ago) Google has posted an official Glass how-to-video, and while it is short, it does cover the touch controls, which could potentially be used for PIN code input and some other details: