
back to article Ultra-hackable Google Glass could be a security nightmare

Google's high-tech Glass headsets might be a gadget enthusiast's dream, but in their current form they're far too vulnerable to malicious hacking, according to one developer who has had access to the devices. In a lengthy blog post on Tuesday, technology consultant Jay Freeman – who goes by the hacker handle "Saurik" – gave a …

COMMENTS

This topic is closed for new posts.
Silver badge
Facepalm

Stupidest Reg story ever?

>"To address these concerns, Freeman says he would like to see Google make significant changes to the way Glass is designed, particularly before it is released in a version for consumers."

D'oh - isn't that the point of releasing a "developer" version, separate from the consumer version?

13
0
Silver badge
Meh

Re: Stupidest Reg story ever?

So there you have it, someone might hack your Glass and give you the wrong directions, or worse still play you a Justine Beiber video while you are enjoying a coffee and talking to your friends.

This is truly life threatening.....

3
1
Anonymous Coward

Re: Stupidest Reg story ever?

Maybe Google could use the fee they would have paid Microsoft to license Android and buy something more secure like a Windows Phone OS license....

1
5
Silver badge
FAIL

Nothing to see (as usual?)

From the same article: "This means that if you leave your device in someone else's hands, and it has an unlocked bootloader, with just a minute alone they can access anything you have stored on it.".

So how do we unlock the bootloader? That is explained in the same article, and well.. I consider the explanation itself more than enough to label this a "non issue":

"The most common command to unlock the bootloader is simply "unlock". On most devices that provide this command, a menu will be displayed that explains that by unlocking the bootloader your warranty will be voided, and that it is disrecommended by the manufacturer. It also has a side effect: it will delete all of your personal data stored on the device (I mention this in more detail later, and explain why).".

For me it's simple.. Leave your device in the hands of a stranger and its contents are in jeopardy, this is the same as with any other mobile device. But the other thing, as can be read here, in order to make this exploit work attackers don't only need physical access but unlock the bootloader as well, which effectively removes all your data. Yet isn't the common idea of an exploit to get their hands on your data first?

So; don't leave your device with someone you don't trust and all is well. Yet if you happen to do so anyway and they are going to try something nasty chances are high they won't be able to get to your private stuff. Mission accomplished.

Why not try another article when there are some real exploits to report? At the very least something remote (here's assuming Glass uses wifi and such).

6
0
Unhappy

Re: Nothing to see (as usual?)

What if the hacker doesn't care about the data on your Glass? From the article:

"An attacker who has installed spyware on your Glass headset could potentially watch you entering door codes, take pictures of your keys, record your PIN as you enter it into a bank teller machine, and intercept everything you type on computer keyboards, including passwords."

0
0
Linux

<Insert scaremongering Sun headline here>

'We intentionally left the device unlocked', Neil McAllister April 29 2013

"Easy root access opens spyware floodgates", Neil McAllister May 01 2013

What's different between now and last Monday to cause such a change of opinion? Where did Google ever claim that the device was unhackable with physical access?

3
0

Re: <Insert scaremongering Sun headline here>

"Where did Google ever claim that the device was unhackable with physical access."

That old koan that anyone can hack your machine if they have physical access is logical when you're talking about a computer that by rights should be secured behind multiple layers of card key locks, security guards, surveillance cameras and iron cages. But Glass users are going to be taking their devices everywhere -- to work, to school, to restaurants, to bars, to other people's houses. By definition, different rules apply. Glass needs to be at LEAST as secure as an Android phone, but as you'll see if you read the article, at present it's not. Right now, it's hackable in the time it takes you to go to the toilet.

2
5
Alert

The difference...

The difference between the last story and this one -- and maybe I should have made this more explicit in the story -- is that while Freeman did root his device, he did it WITHOUT unlocking the bootloader. He does explain how to unlock it in his post, but that was NOT how he got into his Glass.

1
0
Silver badge
Stop

Re: The difference...

@Neil - but don't you think that ten thousand security flaws are going to show up and (hopefully) be squashed between now and launch - just like other computing devices?

And post-launch - don't you think Google and others will be looking for bugs and potential hacks and trying to fix them? Just like other computing devices?

I'm quite certain that these eyeglasses will eventually be hacked to death, and people's entire lives will be stolen out from under them - just like with Android phones and iPhones and every credit card on earth. But I highly doubt that this one hack survives without being addressed all the way up to the date of the consumer Glass launch.

5
0

Re: The difference...

I don't know. Why do you expect me to be able to answer these questions today? When someone answers them, I'll let you know. In the meantime, are you telling me you think the right approach is to ignore the issue? That attitude seems strange to me.

1
4
Silver badge
Thumb Down

Re: The difference...

"are you telling me you think the right approach is to ignore the issue? "

No, the correct approach is to report it without the lurid "we're all gonna die" headline. A security issue in a developer preview model is no biggie and uncovering such is a major reason for having such preview devices.

5
0
Anonymous Coward

Re: The difference...

> In the meantime, are you telling me you think the right approach is to ignore the issue? That attitude seems strange to me.

Locking up the developer edition of Glass tighter than a gimp's codpiece is pretty much the stupidest and most counter-productive thing that Google could do; it would mean the developers couldn't develop.

4
0
Silver badge
Stop

@Eponymous Cowherd

>> the correct approach is to report it without the lurid "we're all gonna die" headline <<

No. Stupid headlines are part of this site. If you don't like them, don't read them. I think they're one of the best things about the Register, I particularly enjoy the way they get various fanboys in a lather...

5
0
Anonymous Coward

Neil McAllister is on to something here.

I can see a whole string of articles emerging. Perhaps the next one could be:

"Oh my God. If I let a stranger have access to my credit card he can copy the digits and order expensive stuff online. This is a major security failure with credit cards, and they need to tighten up their security model before they issue any more!"

4
0
Bronze badge

Um..... it's a developer prototype......

Also - sorry but if there was some spyware "bugging" the Glass camera and Microphone.... the give-away to the user would be how quickly the battery runs down, it never ceases to amaze me how people in the tech blogging industry don't seem to appreciate this fundamental fact - battery technology is terrible and it has been for years and according to battery makers - there is nothing on the horizon that is going to change this fact - using the camera and/or microphone costs battery life, in terms of the camera - quite a bit of battery life, then we need to consider the fact of storage - is the non-existent spyware going to record locally and then upload or just broadcast it live - both solutions require a crap load of bandwidth and no matter what radio the device uses, both will have another significant battery cost.

2
0
Silver badge

How does the fact the battery will drain quickly protect you?

I know plenty of people who have all sorts of different makes and models of phones who complain that their battery life has recently become much worse. Are they supposed to jump to the conclusion that someone hacked it and they are being spied upon? Or the more likely conclusions of it being:

1) buggy software

2) battery getting old

3) in their head

If you hack it, presumably you don't have it recording video all the time if the battery (and memory) won't last long enough. Depending on your goals, you may have it only record audio/video during certain circumstances. If your goal is corporate espionage, perhaps it only records video while connected to the office wireless. If you suspect your spouse of cheating, you don't need constant video, one pic every few minutes or so would be sufficient to tell where they are and who they are with at all times.

3
0
FAIL

No battery development on horizon? Try Aluminium Air batteries...

Battery life will improve: there's huge R&D funds being thrown at it, and it seems a breakthrough is just about ready. Aluminium air batteries have recently been demonstrated, and if the small issue of them being highly dangerous can be solved then all is good.

Storage? Well, it seems that for glass to be useful it needs to be connected, so...

And whilst this is a developer device, it gives a clear indication on what the consumer device will be - if it comes at all.

0
0
Silver badge
Thumb Up

Shooting the messenger

Neil McAllister is getting a lot of stick here for 'stating the obvious', but isn't raising serious issues with technology one of the most useful functions of technology sites?

Not everyone is so enamoured of these things that they know everything about them and the issues they raise, so it's helpful to have someone lay it all out.

3
0

This post has been deleted by its author

Anonymous Coward

Spyware?

As in "I spy with my^H^Hyour little eye^H^H^Hglasses" I assume

0
0
Anonymous Coward

Re: Spyware?

It's making the Google Homeview idea come true.. No doubt we will get an "Oops, we did it again" apology from Google when it emerges later that an engineer had "entirely accidentally" smuggled in a face recognition app and a layout scanner that documented the inside of every house visited by a Goggle wearer, and it now humbly offered to blank out faces.

For only 95% of people.

And leave the house data intact.

Oh, and by mere coincidence a Google back end was ready to receive that data and process it.

Anyone who tries to enter my place with one of those damn things will be asked to leave, and not return. No exceptions. So I hope someone manages to sell one to my mother in law :)

2
2
Silver badge

Being able to root my own device is a good thing.

I've found it's the only way to take advantage of the hardware sometimes.

4
0
Bronze badge
Facepalm

Re: Being able to root my own device is a good thing.

I completely agree.

It's also the only thing that will let Glass1.0 owners install the software from Glass2.0 after the manufacturer abandons us, like they always do. I buy phones and tablets based upon their ability to be rooted and the bootloader unlocked. I pick the one with an available root exploit if given a choice.

If you give your device to a friend and they hack it to spy on you, then you need better friends, not a better security policy.

4
0

I let someone have unrestricted access to a five pound note once

They were able to seize control of the device and used it to purchase a wank mag without my knowledge.

Then it occurred to me to be more careful with my personal possessions and it didn't happen again. Phew!

5
0

Easy security fix

Take off your GoogleSpecs when you enter sensitive information.

0
0
M7S
Bronze badge

Re: Easy security fix

Unfortunately if users (as I assume they will eventually be able to) needing prescription lenses to see clearly have these integrated, that might not be an option. One could carry around a "dumb" pair of glasses and I expect many employers might well insist on this for work time but if you're the sort of person who'd wear google glasses in their own time then you've every instance of needing to enter the pin at the Tesco checkout or unlocking your smartphone (with the 2 minute autolock that we're all advised to have) when you want to reply to a text or something and quickly it will become too tiresome to do this.

0
2
Bronze badge
Pint

Or...

If I allow untrusted people access to my phone/gizmo, maybe they'll just, I dunno...

Nick it?

You can argue what's worse all you like, but if you leave a few hundred quid's worth of electronica on a pub table while you penguin it to the bogs, then that's the most likely outcome I can see, and the most immediately aggravating.

2
0

I sense a film series in the making...

Could the first title be "Fractured Glass"?

When will developers ever learn from history?

0
0
Bronze badge
Boffin

Re: I sense a film series in the making...

Could the first title be "Fractured Glass"?

I would guess more likely "Fractured Ass" given the Gonzo Porn industry is likely to be the most interested in making films captured from Google Glasses.

1
0
Bronze badge
Pirate

Virus in the corner of my eye

"It reminds me of the guy in The Diamond Age who got infected by a virus that made him see Indian TV ads in the corner of his eyes 24/7, and he eventually went insane and killed himself"

Talking about Neal Stephenson's book The Diamond Age, written 18 years ago.

http://www.stupidamericantourist.com/?tag=the-diamond-age

http://en.wikipedia.org/wiki/The_Diamond_Age

We are one step closer

3
0

For the funny side of the Hack google ... WBGA Deep...over 18s?

0
0