Google Glass Press (3)

It didn’t take long, it never does, but Google Glass has been rooted. It seems that the process was started by Liam McLoughlin (@Hexxeh) who claimed that root access should be easy as Google Glass supports ADB access in a debug mode – an equivalent of the typical Android “Enable USB Debugging” option. However Jay Freeman (@saurik) pointed out this Debug mode doesn’t lead to easy root access as a  compatible kernel image is needed. Eventually Freeman managed to exploit the Google Glass kernel using a symbolic link race condition that is present in all releases of Android 4.0.x.

Freeman, who is better known for his work on Jailbreaking iPhones and for Cydia, the alternative App store for Jailbroken iPhones, has posted a tutorial on how to jailbreak Google Glass but he has also written about the security challenges and privacy issues that exist when a wearable computing device can be hacked.

The problem is that Google Glass hears and sees everything you do. In a worse case scenario a hacked version of Google Glass can store and transmit everything you see and hear to a malicious third party. This includes passwords, PIN numbers, bank cards, bank accounts, door codes and even everything you write on bits of paper.

Although this was always true of smartphones, in that malware could be installed that took pictures and recorded audio, people tend to keep their phones in their pockets or on a shelf. Even if a smartphone was bugged, I don’t hold it up to the screen while I am using the ATM! But wearable computers are different. Even if a user remembers to remove Google Glass when using the ATM there are going to be hundreds of moments throughout the day where a remote malicious third party can benefit from private information that can be captured on a compromised device. Imagine what you could discover if you were able to root and install surveillance software on Sergey Brin’s Google Glass headset!

But how easy is it to comprise someone’s Google Glass headset?

Google Glass Vision

Too easy. If you like conspiracy theories then it isn’t hard for you to imagine someone surreptitiously rooting your Google Glass while you sleep. But it doesn’t need to be that clandestine, even a work colleague or a so-called friend could access your Google Glass while you are distracted and install malware. At the moment root access was achieved using a PC via the USB cable, but achieving root by connecting Google Glass to another mobile device should be possible.

[quote qtext=”A USB ‘On-The-Go’ cable could connect from your pocket under your shirt to your right sleeve. With only some momentary sleight-of-hand, one could ‘try on’ your Glass, and install malicious software in the process.” qperson=”Jay Freeman” qsource=”” qposition=”center”]

Google Glass’ biggest security issue today seems to be the lack of a lock screen. As soon as Google Glass is picked up it can be accessed without any authentication.  In general, most of Android’s security vulnerabilities can’t be exploited if the device has a PIN code set, however Google Glass does not have any kind of PIN mechanism. Freeman suggests that Google’s first priority should be to add some kind of protection to Glass that activates when it is taken off.

Gary Sims
Gary has been a tech writer for over a decade and specializes in open source systems. He has a Bachelor's degree in Business Information Systems. He has many years of experience in system design and development as well as system administration, system security and networking protocols. He also knows several programming languages, as he was previously a software engineer for 10 years.
  • santiago

    I think you should question “how far can you go with camera stickin on your head”.

    I mean, men wearing google glass still can’t go inside women’s restroom, can they ? :P

    hidden cam still rules, lol lol

  • I don’t think we have scratched the surface of this , think about it in say 5 years or so if these devices become more and more sophisticated and commonplace you are effectively turning humans into walking data collection devices , if everyone eventually gets one then street crime will be slashed as anyone wearing one would record what is happening along with everyone else in the immediate area which in most cases would be a good thing.I can see these becoming standard issue for the police or other public workers.On the other hand i can see a time when they become so commonplace that your employers not content with shoving a tracker in your vehicle and monitoring how long you take a crap for will require you to wear one allowing them to see and hear everything that you say or do whilst working for them (it will happen don’t doubt it) , combining the technology with facial recognition will make it virtually impossible for anyone to ever have any kind of privacy again think its bad now with cameras everywhere multiply that by a factor of millions .Then there are the issues with having POV videos becoming the norm not even including the porno aspects which i have no doubt there will be loads think 3d video pov recording capability! guaranteed there will be POV videos of horrendous stuff hitting the net , having sick shit like decapitation videos on Facebook is sick enough , hell with these you can experience in from a first person perspective.Then there will be mothers screaming about anyone who even looks at their spawn with one of these on …. whole can o worms