This Exploit Lets Strangers Hack Into Your Google Glass

Google Glass, as a wearable computer that sees everything you see, has received its fair share of privacy concerns. Is it okay to use Glass in a bathroom? Should you ask a stranger’s permission before taking a photo or video?

But those are all questions about the privacy of people around the Google Glass wearer. Not much thought has been given to the wearer him/herself. And maybe that’s a mistake.

Google Glass, A model (i.e., non-winner) using Google Glass.Part of the promise of Google Glass is in its flexibility; it’ll rely on skilled developers to take advantage of the possibilities of an always-on wearable computer. Google’s counting on that. But with flexibility comes hackability, and one “security consultant,” otherwise known as a white hat hacker, has figured out a way to hack Google Glass so that he can see what the Glass wearer sees. Jay Freeman, who goes by Saurik, is a security consultant who’s best known as the father of Cydia, a sort of alternate app store for jailbroken iPhones.

If you want to overclock your iPhone, use it as a wireless hotspot without paying your carrier extra, or play Super Nintendo games on it, Cydia is for you. Freeman’s Glass hack requires that the Glass be put in “debug” mode, but that doesn’t take much. According to Ars Technica, which has a great piece on the subject, Freeman can pick up the Glass hardware and set it in this mode without the user ever knowing. And it doesn’t take much to then get unfettered access to everything on that user’s Glass says Freeman, “This exploit is simple enough that you can pull it off with just a couple files, and without any specialized tooling.

After you’ve gotten access, you can install software that’ll deliver any photos or voice recordings taken by the device. It’s not a seamless hack; the way it currently works would wipe Glass of everything it had recorded until then, which would be pretty obvious to a user putting it back on. But that could well change, and Freeman recommends that Google institute some kind of protection–a PIN, perhaps–to stop this from happening.

As wearable tech gets more and more common, this is the kind of exploit that could cause real damage. It’s not just what Glass sees that could be scary–it’s who sees it.