Two Grad Students from the California Polytechnic San Luis Obispo recently developed a proof of concept spyware for Google Glass as reported by Forbes.
Mike Lady, 22 and Kim Paterson, 24, created the spyware projecting as a note taking app for the Google Glass, while in actuality it would be taking a photo every 10 seconds and uploading it to a remote server with the display off and no knowledge of the users.
Google’s Developer’s Terms of Service specifically bans apps taking photos with the display off, but the developers have found no practical restrictions in stopping such usage, Google Glass App Store might be scrutinizing the Apps loaded onto it but there are many other ways to load apps on to the devices and the popular sideloading process of installing apps from unknown sources might post a warning, but largely left not adhered to, to load apps.
“The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it”, Paterson said “As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us”.
Initially though the staff from Google came down hard when notified of the vulnerability and the proof of concept malware over the Poly Students, later gave a more diplomatic statement “Right now Glass is still in an experimental phase, and has not been widely released to consumers. One goal of the Explorer program is to get Glass in the hands of developers so they can hack together features and discover security exploits. We value this kind of security research and feel badly if we came across as overly forceful to the grad students at Cal Poly. All of this work ultimately contributes to making Glass a better and more secure product ahead of a wider consumer launch”.
And supposedly this is only one of the many cases, while earlier developer Jay Freeman discovered that the Google Glass could be rooted and could be tinkered with very easily, in his blogpost he wrote “It knows all your passwords, for example, as it can watch you type them. It even manages to monitor your usage of otherwise safe, old-fashioned technology: it watches you enter door codes, it takes pictures of your keys, and it records what you write using a pen and paper,” Freeman wrote “Nothing is safe once your Glass has been hacked”.