Google’s new Glass headset has only been available for less than a month, but some enterprising users have already figured out how to hack it.
The augmented-reality device, which has been the subject of much hype and speculation, is currently available through the Glass Explorer Program, though they cost $1500 and are only available to a lucky few.
One of those lucky few is Jay Freeman, a software developer and alumnus of the College of Creative Studies at UCSB. Freeman is the developer of Cydia, a popular application for jailbroken iPhones that allows users to find and install software as an alternative to Apple’s App Store, as well as several other pieces of software. After signing up in advance at the Google-led technical development conference Google I/O last year, Freeman was able to purchase a Glass headset two weeks ago.
Not long after obtaining it, Freeman had gained root access to his device, using a previously-known exploit for Android 4.0.4.
“I used a security exploit — which was actually a fairly old one, we’ve known about it for eight months- in order to get root access on my Glass,” Freeman said. “Which is something that Google allows you to do, but the way they do it is designed in such a way that you know you did it. Whereas if you use a security exploit, you can do it surreptitiously to someone else’s unit.”
The exploit is fast, Freeman says, and though it requires a USB cable and another device, it could be done discreetly.
“I could have an Android phone in my pocket and then I could have a cable coming up through my shirt into my palm,” Freeman said. “With just a little bit of sleight of hand, I might be able to do the rooting process while you’re staring at me.”
In addition, it doesn’t require technical wizardry or dedicated tools. Exploits inevitably raise concerns about privacy, particularly due to Google Glass’s pervasive nature and front-facing camera.
“If you leave your Glass on a table and I have access to it, I could get root access on it and then modify the software such that I can pervasively monitor you throughout the rest of your usage of the device,” Freeman said. “One thing I think is important to realize about the device is that because of where it’s positioned on your head, I in essence get to look through your eyes, get to hear through your ears — I get to experience whatever you experience.”
Freeman’s intention is to call attention to, not exploit, such vulnerabilities. A malicious user with access to the information from a victim’s Glass, however, could see their computer keyboard as they typed passwords, door codes as they entered them, the shapes of their keys as they unlocked doors and similar sensitive information.
So what should be done about it? According to Freeman, Glass’s primary weakness lies in its lack of the unlock screen commonly seen on smartphones and similar devices.
“Most exploits available on these systems, Android or iOS, rely on the larger amount of functionality that you have access to once you type in your P.I.N. code,” Freeman said. “Glass doesn’t have a P.I.N. code. So if you take the device and you pick it up and put it on, you can immediately start using it, you can go into the debug mode feature, you can do whatever you want.”
Adding such a lock screen could increase much-needed security on the device.
“It’d be really irritating if every time you pick it up, you had to deal with unlocking it. You would kind of lose some of the magic of the device,” Freeman admits. “But my argument is the device is very dangerous without this type of security, and so even if it’s kind of a kludge it’s more important to have this than not.”
IMAGE COURTESY OF Google Developers
A version of this article appeared on page 5 of the May 7th, 2013′s print edition of the Nexus.