I've seen the future - and it's Google Glass spyware

Google GlassTwo graduate researchers at California Polytechnic San Luis Obispo have created an application for Google Glass that can spy on everything the wearer is looking at, without the knowledge of the user.

As Forbes reports, 22-year-old Mike Lady and 24-year-old Kim Paterson have created some software for the privacy-busting digital eyewear that secretly takes a photo every ten seconds when the Glass display is off.

The app then uploads "the images to a remote server without giving the wearer any sign that his or her vision is being practically livestreamed to a stranger."

In order to trick users into installing the software on their Google Glass, the software pretends to be note-taking software called Malnotes.

(Clearly the "Mal" in "Malnotes" is not supposed to stand for "Malcolm").

Worryingly, the researchers appear to have uncovered something of a security hole in Google's vetting process according to Forbes reporter Andy Greenberg:

Though Google’s developer terms of service for Glass specifically ban apps that take photos while the device’s display is off, Paterson and Lady discovered that there were no real security prohibitions against that trick. Over the course of my short video interview with the pair, Lady’s Glass headset running Malnotes uploaded more than 150 snapshots of his vision with no signal for either him or me.

“The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it,” says Paterson. “As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us.”

Now, it's possible that you are of the opinion that anyone who is antisocial enough to wear Google Glass in public (and has no qualms about photographing people without their permission and uploading imagery of individuals to Google's servers) deserves any malicious attacks directed at them.

But I disagree. Even Glassholes (as those who have adopted Google's wearable technology are known) don't deserve to be spied upon, and should have an expectation that proper security is in place to prevent abusive apps from performing actions that should be forbidden.

If you do insist on wearing Google Glass, then please make sure that you have protected your devices using a passcode, and be careful about what apps you install on your devices from unofficial app stores.

Chances are that there will be others out there, with more malicious intentions than Mike Lady and Kim Paterson, who will be interested in spying upon what Google Glass wearers are looking at.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

One Response

  1. John Lilburne

    March 24, 2014 at 11:41 am #

    “Even Glassholes (as those who have adopted Google’s wearable technology are known) don’t deserve to be spied upon!"

    Hmmm. They have a Google device – thus they are being spied on.

Leave a Reply