Hacking Google Glass Privacy – the Tip of the Iceberg (with SNL video)
Google Glass Privacy
When Google released a trial version of its much-anticipated and much-hyped Augmented Reality lens (popularly known as Google Glass) to developers back in April, I wrote a blog on Google Glass Privacy. Now is a good time to check in and see what’s happened since the glasses have fallen into the hands of developers. By developers, I mean hackers (many of them of the good, or white-hat variety). Google gave Google Glasses to 1500 developer/hackers (well, sold them-for $1,500 to those who won an essay-based lottery). Brilliant move really, because these people are showing Google (and us, and future hackers) exactly what can, and will, happen when the mainstream public gets their hands on it. Here are some of the unintended uses of Google Glass:
- Jay Freeman gained root access to Google Glass in less than two hours while having dinner with friends. In his words, “A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The obvious problem, of course, is that you might be using it in fairly private situations. The only thing it doesn’t know are your thoughts.”
- Marc Rogers, the principal researcher at Lookout Mobile Security, was able to take the ability of Google Glass to read and automatically connect to the URL of a QR code and trick the system into connecting to an attack network through a malicious QR code.
- Stephen Balaban has created a facial recognition system. He said, “Essentially what I am building is an alternative operating system that runs on Glass but is not controlled by Google.”
- Michael DiGiovani generated the “Winky” app for Glass, which allows the user to take a picture simply by winking. Great concept except the whole idea of needing to tap the device or give a voice command was supposed to let people know when their picture was being taken!
- The researchers at Catwig were able to completely take apart Glass and have quite a bit of fun, even attaching it to prescription glasses (with minimal success). It reminds me of the SNL skit with Fred Armisen (as tech correspondent Randall Meeks) that you have to watch (see video).
Google has changed its terms of service to ban apps that defy their original intentions for use of Glass. Google has also been quick to respond to hacks, solving issues within as little as two weeks.
It’s a good effort in the way that melting the exposed portion of an iceberg makes you feel better, but still leaves your Titanic exposed underneath the water. Realistically, the hackers will always be one step ahead of the corporations and law enforcement. In other words, as Google Glass begins to roll out, you should just assume that you’ll always be on someone else’s “Candid Camera”.
John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.