google glass hack security flaw
Thursday, May 02, 2013
Thanks to a glaringly obvious security flaw in the futuristic Google Glass wearable computer, a hacker could within minutes take control of the device -- seeing what you look at, hearing what you hear, experiencing life through your senses.
"If the camera is on your head and the microphone is on your head, I'm seeing through your eyes, I'm hearing through your ears. The only thing I can't get access to are smells in the room and your thoughts," Jay "saurik" Freeman told FoxNews.com.
Google Glass is the Internet giant's vision of an always-on, digitally connected future, disguised as a pair of glassless eyeglasses. It's a lopsided hunk of plastic, silicon and titanium with a video camera and microphone that rides in the glass frame over the user's eyebrow.
And hackers can get on board Glass, Freeman said, thanks to 16 characters of XML code ("Allow backup = false") and a simple fact: Unlike any Android-based tablet or smartphone, there's no security built into Google Glass at present. No lock screen, no voice command code, nothing.
"Put some security mechanism in place. That solves the vast majority of the issue," Freeman said. He detailed the security issue in a lengthy webpost.
Google said it has shipped 500 or 600 models to developers, not consumers, partly to build apps and find exploits like this one. People like Freeman are helping ensure that the eventual shipping product will be secure, in other words.
Besides, Glass doesn't access many parts of a Google account, the company noted, including settings on many products. And your personal MyGlass site on Google's servers allows you to wipe all the data off the device if you misplace it or it's stolen.
That said, the flaw exists, and Google is working on it, a spokesman told FoxNews.com.
"We recognize the importance of building device-specific protections, and we're experimenting with solutions as we work to make Glass more broadly available," he said.
The 31-year old Freeman lives in Santa Barbara, where he created and manages Cydia, the alternative app store for iPhones. Until the flaw is patched, he said, the potential problems of the security exploit reach well beyond Google's latest gizmo. Imagine you sit down at your computer wearing glass. Someone can see your computer monitor, watching the sites you visit and what you type.
"By hacking Glass, you've also hacked my computer," Freeman said, noting that passwords are easily recorded. At that point. Or anything else the wearer happens to be looking at.
"I type door codes in order to get into computer labs and corporate buildings," he told FoxNews.com. "and it's not just door codes. If you take a picture of a key you can replicate it," he said.