Google Glass Spyware Risk Revealed

Google Glass users beware after researchers highlighted the potential of the device to act as an unobtrusive piece of spyware.

The issue could prompt concern about the potential of the devices to spy on the lives of Google Glass users, plus their family, friends and work colleagues.

Spyware Risk

The potential risk was revealed by California Polytechnic San Luis Obispo graduate researchers. Mike Lady and Kim Paterson, who built a spyware ‘proof-of-concept’ for Google’s wearable device. According to Forbes, their Google Glass app masquerades as a legitimate piece of note-taking software, ironically dubbed ‘Malnotes’.

The Malnotes app reportedly captures an image of whatever the Google Glass user happens to be looking at – every ten seconds. These images are then uploaded to a remote server.

What is especially troubling about this development is that Google’s policy on image capture is that the eyepiece display has to be operational, thereby tactically informing the Google Glass user that a picture is being taken. However, the Malnotes App apparently snaps the images with the eyepiece display turned off, meaning the user will have no idea his or her device is being used to capture images and transmit them to a third party.

The Malnotes app has therefore exposed the fact that Google has no real security measures in place to prevent images being taken whilst the display is switched off.

Forbes reported that in the space of its video interview with the researchers, the Google Glass running Malnotes belonging to Mike Lady apparently uploaded more than 150 snapshots of his vision, with no signal for either him or any other person.

“The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it,” Paterson was quoted as saying. “As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us.”

The researchers apparently were successful in uploading the Malnotes app to the Google Play Store (but it was quickly removed after the news broke), and they didn’t attempt to upload to the spyware app to MyGlass app store. But this would not prevent Google Glass users from loading the rogue app from a third-party website for example. Developers for example commonly host their Google Glass apps on their websites to allow others to experiment with them, before they are undergo formal submission to Google.

“A lot of Glass developers are just hosting their apps from sites just to let other people try it,” Paterson reportedly said. “It’s sort of a wild-wild west atmosphere since very few apps are being released through the MyGlass store.”

Security Worries

This is not the first time a potential security flaw about Google Glass has been highlighted. Last July, Google repaired a flaw could have forced users to connect to malicious Wi-Fi. Having lured the user onto a phoney network via malicious QR codes, hackers could have then siphoned off information or executed further attacks

Non-malicious hackers have been trying to discover flaws with Google Glass since devices were released to testers early in 2013. Soon after the launch, one researcher discovered a non-traditional way to jailbreak Glass, claiming it was simple to carry out and a serious security concern given the lack of a lock screen.

The security concerns about wearable tech mirrors that of the recent concerns about compromised mobile phones, which can be turned into potential spying tools.

Still want to try wearable tech? Try our quiz!