Google Glass, the wearable computer being developed by the search giant, might be a threat to its owners’ privacy because it has no PIN or authentication system, hackers have discovered.
Jay Freeman, a Santa Barbara-based programmer who specialises in cracking smartphone security for both iPhone and Android devices, discovered that Glass has a “root” capability which can be enabled by attaching it to a desktop computer and running some commands.
That would then give a hacker the ability to take control of the Glass’s output – meaning a hacker could monitor everything the owner was doing from a smartphone in their pocket.
“Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head,” explains Freeman in a blogpost.
“A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn’t know are your thoughts.”
He points out that “it knows all your passwords, for example, as it can watch you type them. It even manages to monitor your usage of otherwise safe, old-fashioned technology: it watches you enter door codes, it takes pictures of your keys, and it records what you write using a pen and paper. Nothing is safe once your Glass has been hacked.”
Even if the device shows a red light to show others when its video camera is on, a user probably wouldn’t notice it – because the light would be facing away from them.
Freeman reckons that about 10 minutes would be enough for a hacker to install a “rooted” version of the software that Glass ships with.
“Sadly, due to the way Glass is currently designed, it is particularly susceptible to the kinds of security issues that tend to plague Android devices,” he writes.