‘Cracked’ Google Glass Could Mean Hacked ‘Eyesight’

By Ryan Murphy
May 2, 2013
1 Comment
glass

It may come as no surprise that Google Glass has been jailbroken, or…”cracked,” if you’ll forgive the pun.

The news has some worried that the wearable computer may be a serious threat to an owners’ privacy since the device currently has no authentication system and a hack would essentially mean hijacked eyesight, among other possible evils.

As reported by Forbes, Jay Freeman, a well-known Android and iOS developer tested a known exploit for Android on Glass and announced the successful “crack” on Twitter.

Freeman later wrote in a blog post: “Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head. A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn’t know are your thoughts.”

___________________________________________

Learn more about Carbon Black. Click here
Carbon Black Secures Investment From Blackstone

___________________________________________

As reported by Forbes, Freeman says he was able to hack Glass using the device’s debug mode and a flaw in its backup function that tricks the device into thinking it’s running as an emulation on a developer’s machine. As he described it to Forbes:

“You take a backup from the device, modify the backup, and then restore the modified backup to the device. While the backup is restoring, you make a change to the data being restored that redirects the data being restored to overwrite a critical configuration file. This makes the device think that it is not running on real hardware: you make it think it is instead running on the emulator used by Android developers to test their software on desktop/laptop computers. As the emulator is designed for developers, it has full control and gives you “root”.”

Freeman continues in his blog post: “it knows all your passwords, for example, as it can watch you type them. It even manages to monitor your usage of otherwise safe, old-fashioned technology: it watches you enter door codes, it takes pictures of your keys, and it records what you write using a pen and paper. Nothing is safe once your Glass has been hacked.”

Some security experts noted that Glass does not necessarily poses an elevated risk over other hacked devices. As reported by CSO, Gartner analyst Anton Chuvakin said of using Glass in a clandestine operation: “It’s completely unrealistic, but exciting to talk about…To me, the risk of a rooted Glass device is similar to a rooted smartphone.”

XML co-creator and Google developer advocate Tim Bray noted on Twitter of the hack:

As reported by The Register: Google X Lab developer Stephen Lau elaborated on his Google+ page, to the effect that when a company like Google releases a device that’s intended exclusively for developers, nobody should be surprised when that device proves to be highly hackable:

“Not to bring anybody down… but seriously… we intentionally left the device unlocked so you guys could hack it and do crazy fun (expletive) with it. I mean, FFS, you paid $1500 for it… go to town on it. Show me something cool.”

1 Response to "‘Cracked’ Google Glass Could Mean Hacked ‘Eyesight’"

Leave a Reply

Follow Us On Twitter

For daily infosec insight...

×
One Company Delivering
Advanced Threat Protection for Endpoints and Servers AND Incident Response in Seconds.