Google Glass may look like the next peak in technology and the perfect computing accessory, but it sure has some low points as well.Different threads regarding Google’s Glass have started a while ago, and ever since people keep going back to the subject not only for technological analysis - cause we must admit this is a huge accomplishment also for the sociological patterns the product creates. So far, the opinions are spread over people who completely dislike the idea of having a computer stuck to their faces, and people who approve the idea, more than that, they keep finding new activities to fit it in.
This time we are going to cover some of the Glass’s security issues that have been recently reported.
How safe is the Google Glass?
When such a system is configured, the administrator should make sure that there are no security threats or vulnerabilities that could be exploited. Even though some of the threats don’t seem realistic or worrying, there are definitely things we should worry about when it comes to private information security. And patching the system as the threats appear is not even close to the best solution out there.
Of course, security breaches appear when a proper environment is created for them, for instance when you don’t secure your online accounts, or don’t pay enough attention to online payments, and so on. .
We’re telling you this, because you have to know how these vulnerabilities can apply to your own situation and how you must treat it.
Lookout Mobile Security pointed out the first weak point in the security, this year in July. Apparently the vulnerability could breach Google Glass sets with QR (Quick Response) codes. This possibility has been tried in a controlled environment and worked, and appears to be a serious threat.
Note: A QR code is used for obtaining a fast response from a receiver device, by sending the minimum amount of information – an image.
Back in July, the Google Glass was creating QR codes when the camera app was used, meaning that a bad intended person could breach into the device by connecting to a common access point (Bluetooth or Internet network) and track the data coming and leaving to and from the Glass, redirect a user to some webpage and even to take over the Glass. This is most likely to happen if the Android OS, Google is currently running on, would have other security vulnerabilities as well.
However, this threat is not addressed only to the Google Glass, as any other device running on Android and using automatically processed QR codes is threatened. The more we think about it, we come to the conclusion that any QR code should be treated with multiplied attention. The problem has been solved, as the system has been recently patched.
How can I secure or patch Google Glass’s system against this threat?
Google is securing the system for you at the moment, through monthly updates that are automatically installed on the device. The thick end of the stick in this matter is that you cannot have full control over what is downloaded and placed in your gadget. However, we cannot categorize this as a bad thing nor as a good one, as we cannot trust Google to find all the possible threats by himself and create the perfect system. We’ll just have to wait and see how this goes along.
Regarding this particular matter, we were telling you that the system has been patched when Google released the XE6 system update and now, whenever a QR code has to be generated, the user has to approve the action.
The update was released to treat this specific subject. But in the meanwhile, Symantec stated they have discovered another weak point also related to the usage of internet networks. They discovered that the Glass can be fooled into connecting to an access point that has the same name as the one you usually navigate on.
You can’t see this fitting in your environment? Did you hear about the Pineapple WiFi? This is a device that one can buy and when active, it can play as a decoy for the last network you have been connected on. So, when the Glass is searching for a Wi-Fi to connect to, the decoy can stand out and allow the connection to its own network. The Wi-Fi Pineapple doesn’t need to know anything about the previous network you have connected on, and can easily fool the Glass into connecting to a corrupt network. This is also a serious threat.
Just as in the case of the QR codes, this problem cannot be fixed but temporarily. And unfortunately, this isn’t a threat that only menaces the Glass, but any other Wi-Fi devices. What you can do to make sure you are safe, is to be careful to open networks, and if a network that previously asked for a password is now giving you open access should definitely be a sign.
Are there any other security issues in the Glass’s system?
Another thing you should take into consideration is Google’s Glass rooting procedure, which can plant codes for spying and corrupting the traffic. Google offers the full procedure with the mention that the warranty is lost during the process. Considering that there are no security passwords on the Glass, if this happens your accounts are fully discovered. Of course, if the device gets lost, you can access it online and delete the information from your Google accounts.
As an advice, you should prepare yourself to see more security issues being discovered, as Google itself challenged hackers everywhere to try and hack the system. Google, however, will block any restricted app to reach the Glass, and will only allow app deployment towards the device.
Can an employer verify the activity on an employee’s Glass device?
Regarding this matter, we suppose we all know that a system administrator has access to devices in order to give a proper setup to match the job. And we also know about the My Glass app which can control the Glass via an Android device. We don’t have any other control perspectives, but we’re sure Google will come up with a monitoring system for the Glass as well, in the end.
So, watch out for:
- QR codes processing
- Open Wi-Fi networks
- Make sure you also secure the devices through which you control the Glass, such as smartphones.
- Apps that aren’t Google branded
And another thing: keep an eye open for security updates, and make sure you do your homework properly before doing something risky with your Glass.