Hackers have already proven smarter than smartphones or just about any other connected electronic device, and soon they’ll hack into your fridge, thermostat, and toilet. The NSA got into your files stored in the cloud’s “secure” data centers. Chinese authorities got everything on your laptop that you left in your hotel room while going for a quick beer at the bar downstairs. And now Dutch hackers, um “computer experts,” have commandeered Google Glass to take pics and videos of everything you’re looking at.
Which could be expensive – the PIN you key into an ATM. Or more than embarrassing – strangely long stares at places that you don’t stare at in polite society, a naked date…. Possibilities are endless. Pics and videos will then be transferred, without the wearer’s knowledge, to another device where they can be stored and studied ad infinitum. For the lucky ones, it might end up on YouTube.
“Breaking into the system is relatively easy. You don’t need to break a code; you don’t need to capture a server,” the Dutch paper Volkskrant reported after employees of internet marketing company Masc and the folks at Deloitte’s computer security department had demonstrated their exploit to the paper.
“Hardcore hackers wouldn’t even bother with it,” said one of the hackers, identified as Bosboom. “They would find access too easy.”
To take control, hackers need to transfer the script to Google Glass, which can be done in various ways, such as via a USB stick. “A pretty girl in the pub,” Bosboom helpfully suggests. Let her check out and try on the device, and while you’re intently focused on her assets, she might quickly connect a USB stick, and voilà.
That you should be careful where to bring your Google Glass – such as a bar – was made amply clear earlier this year in a case that catapulted Sarah Slocum to national prominence when she got tangled up in an altercation – a “hate crime,” she claimed – at Molotov’s in the Lower Haight, San Francisco. Which she helpfully recorded via her Glass. “I wanna get this white trash, this trash on tape for as long as I can,” she said in the video, followed by a tsunami of profanity that would be too shocking for TP’s well-mannered readers. Glass recorded those precious moments. The video eventually ended up on YouTube. So now, in addition to catapulting your rages into the national limelight, taking Google Glass to a bar can have other consequences.
But it doesn’t need to be a USB stick. That was just a demo. The script can also be transferred via a Wi-Fi connection or by an Android app via smartphone.
It didn’t take the dozen hackers long to figure it out – just one evening fueled by a few pizzas, according to Bosboom: “We were thinking about worst-case scenarios with these glasses. We then came up with the idea of someone being able to view what the wearer is watching. This means that you are better off not wearing the glasses when using a cash-point or engaging in other private activities.”
Google had its own take on the debacle.
“The more feedback we obtain, the safer we will be able to make Glass for the wider launch later on this year,” a spokesperson told the Volkskrant, admitting that Glass security was an area that needed attention. And the spokesperson had some good advice: “users shouldn’t give Glass to someone they don’t know without locking it or any supervision. More broadly speaking, users should avoid downloading Glassware that is not available on the MyGlass destination, or debugging their device and then giving it to someone else.”
The cat-and-mouse game has started. In that respect, Glass is no different than the clunky PCs of 15 years ago. Hackers engineer a malicious exploit either for the heck of it or to grab valuable data. Companies react to it afterwards by trying to fix the security hole. Meanwhile, the damage has been done. But the smaller the hacked devices, the more intrusive the hack. Smartphones go everywhere humans go. But Google Glass is a step further down that road in that it can be made to record and transmit what you’re looking at. And that would be a handy tool for the ultimate Big Brother thought police.