Dutch computer experts have devised a trick for infiltrating and taking over Glass, Google's information glasses. Without too much difficulty, bystanders can then remotely see what the wearer is viewing.
Google co-founder Sergey Brin.
With a few rows of additional software, hackers can take photos and make films without the Glasswearer even knowing. These images can then be sent to another computer.
Employees at the Nijmegen ICT company Masc and accountancy office Deloitte (which also has a computer security department) demonstrated this ability to the Volkskrant. Anyone with malicious intentions can use a USB stick to enter a 'script' in the glasses at an unguarded moment which then allows them to take control.
Malware via wifi
According to one hacker, a possible attack scenario could involve a user lending his Glass device to an interested person (a pretty girl in the pub), who then sticks a USB stick into the device when no one is looking. In another scenario, the malware is distributed via a wifi network or an app on the telephone (the Glass can only be used when connected to a telephone).
According to Bosboom, it just took one evening and a few pizzas for a dozenhackers to come up with this scenario. 'We were thinking about worst-case-scenarios with these glasses. We then came up with the idea of someone being able to view what the wearer is watching. This means that you are better off not wearing the glasses when using a cash-point or engaging in other private activities.
Breaking into the system is relatively easy. You don't need to break a code; you don't need to capture a server. 'Hardcore hackers wouldn't even bother with it', says Bosboom. 'They would find access too easy.'
According to a Google spokesperson, security is an area that needs attention with respect to Glass. In new versions, the screen locks just like a smartphone, and can only be opened with a code. This, however, doesn't offer any protection against camera hijacking. 'The more feedback we obtain, the safer we will be able to make Glass for the wider launch later on this year.'
This is a pretty huge security threat, they better fix it or no one will buy it