Five Major Google Glass Exploitable Vulnerabilities
Last week, Google allowed everyone to see the high tech specifications of Google Glass for a day. During this time, hackers around the world have already revealed vulnerabilities in the system. We are going to round up the five most important of them.
1. Glass Jailbreak
Let’s say your Glass is being jailbroken (rooted) and a hacker gets access to its operating system with full control to its activities and features. You would not know anything about it, but the other person gets to see everything you do and your privacy would be compromised.
Lawrence Pingree, Security Technologies Analyst and Research Director within the Gartner Company, explains that there is a big difference between the administrative user and the regular user. As an administrative user, you would have access to the software characteristics and the underlining hardware. He also says that if this would happen, spying services are going to reach a whole new level of possibilities.
Saurik a technology consultant, by his name Jay Freeman says on his blog that back in 2013, he used an Android exploit to hack into an older version of Glass.
The hacker Bin4ry created the exploit that granted root access to the device. He also explains that, if that person would have had access to your phone, or computer he couldn’t have obtained this amount of info. And he’s right, considering that the hacker would have access to the microphone and camera that are strapped to your head. Glass can watch your every move, see everything you’re doing and hear everything you say.
2. Malnotes Spy Software
We know from a while now that this is possible, because last year a team of security researchers developed a Glass app named Malnotes, which apparently was an app for taking notes, but actually it was a virus who could alter the camera specifications, turning it into a spy camera.
The software was making Glass take pictures at every 10 seconds, without notifying the user in any way, and it was uploading the photos on a remote server.
The creators of the app, Kim Paterson and Mike Lady, said that they developed the software to prove the system vulnerability Glass has and how easy it is for hackers to spy on users.
During an interview for Forbes, Patterson said that a simple policy can’t actually stop someone from using Glass in certain situations, and that it cannot protect the user that much. However, if Google could find a way to improve the device’s security and remove the software parts that could lessen the way towards its administrative setup, then people could feel a lot safer knowing that they can download any app without any risks.
The California Polytechnic San Luis Obispo researchers, Kim and Mike also admit to have tried and succeeded to upload the app on unofficial Glassware websites, but Google has removed the app as soon as they found out what it could do. However, other users could still upload it on third party websites.
3. Using Glass QR Codes
Thanks to the guys from Lookout Mobile Security, we know that Glass can also be controlled via QR codes. This critical vulnerability has been exploited by the security company, who created QR codes that would make Glass connect automatically to a malicious Wi-Fi network. When Glass works through this network, hackers have access to all the information flowing on the device.
Marc Rogers, main security researcher within the company, said that when they discovered the exploit, they begun producing their own malicious QR codes, based on the configuration instructions of the first malicious codes. As soon as Glass scans the QR code, any operation made with the device can be watched; anything from web searches to files saved on Cloud.
4. Malicious Wi-Fi Pineapple
Another well-known vulnerability, present in all Android powered devices is a weakness in the wireless network. Symantec says that for just a $100, someone could acquire a Wi-fi access device, which is able to copy the wireless network the device has been connected to before. An unsuspecting user could connect to its network, but instead could wind up in a malicious network.
So, when Glass is looking for a network classified as “myPrivateWiFi”, could actually receive a response from one of these pineapple devices, which have the same information and naming as the user’s private network. The hacker can control data sessions on Glass, redirect it to malicious websites or simply spy on the traffic and files. But, as mentioned above, this isn’t a problem that affects only Glass, and any Android device could one day pick up a pineapple network instead of his own.
5. Javascript software
But we must admit that one of the most interesting ways of hacking into Glass is via Javascript software. The developer who first discovered this hacking method, uploaded on his Glass a program called node.js and used his device as a control remote for his quadcopter drone.
The developer Blaine Bublitz from IcedDev, presented his Glass controlled drone in 2013 during the event Nodebots Day and showed how he could control the drone by simply moving his head. However, this was only a prototype and in order for the system to work properly it would need more improvements. For instance, now the drone is going left or right with full speed and lacks the ability to do rotations. Blaine says on his blog that he will continue improving the controls and add some more features to this improvised control system.