A software developer has reportedly hacked Google Glasses, revealing a number of disturbing security flaws.
Through a simple modification to the Google Glasses software, practically anyone can secretly record video and audio from the wearable device.
Jay Freeman (aka Saurik) published details of the hack on his blog, wrtiting:
“This exploit is simple enough that you can pull it off with just a couple files, and without any specialized tooling.
“Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head. A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do.
“The only thing it doesn’t know are your thoughts.”
Among the alterations he either made or demonstrated included a way to turn off any indication that the glasses are recording video – shown by video activity being reflected in the owner’s ‘eye prism‘. Applications that take photos automatically or record audio covertly are also easy to make.
But the hack would also potentially open the door for a hacker to break into your Glass without your consent – which could have dire consequences. The device knows your passwords, can watch you type them and can even be used to monitor entry of door keys and other information.
More disturbingly still, Jason Perlow of Znet has revealed that the stealth surveillance doesn’t end there:
I wanted to know from Freeman if, once rooted, it is possible to programmatically disable the “recording LED indicator” on the device, so that one could stealthily record without any indication to the subject that they are being captured on-camera.
As it turns out, there is no such indicator light on the “Explorer” version of Google Glass that has recently shipped to the first generation of users and developers who were lucky enough to get their hands on the headset. Duh.
Still, there’s room to make the device even stealthier. As Freeman explained to me during a phone interview, although there’s no recording indicator per se, if you are being recorded, it’s readily apparent from video activity being reflected off the wearer’s eye prism that something is going on, particularly if you are in close proximity to the person.