The Google Glass Explorer Edition has only been in developers’ hands for a couple of weeks, but notable Android and iOS hacker Jay Freeman, a.k.a. Saurik, has already successfully “jailbroken” the fancy new device. In the process of doing so, he pointed out some troubling security flaws with Glass that could make Google’s product a dream for ill-intentioned hackers.
Freeman announced his achievement via Twitter and posted a photo that he claims proves he successfully “rooted” his Google Glass. He followed up with a blog post that gave detailed instructions for other programmers to jailbreak their own Glass.
— Jay Freeman (saurik) (@saurik) April 26, 2013
“My motivation for posting that picture was, in my mind, fairly simple,” Freeman wrote on his blog. “I have a large audience of users who are interested in device customization, particularly stemming from the idea of modifying the code of popular consumer devices (such as the iPhone).”
Once rooted, programmers can customize most aspects of Google Glass. Without getting bogged down in the technical details, the steps are easy enough for anyone with experience unlocking mobile devices to repeat with Google's smart glasses.
Freeman explained to ZDNet that one customization he made was to allow Google Glass to record video without anything displaying in the eye prism. He also eliminated the default 10-second limit on recording and altered the command system so Google Glass would start recording with the command, “Boy, I’m tired,” and stop recording with “Boy, I need coffee.”
Essentially, Freeman turned Google Glass into a stealthy surveillance device, pretty much confirming privacy concerns raised by the tech-savvy. For example, there wouldn’t be much stopping sexual predators from photographing or filming anyone, at any time.
Google Glass runs on an adapted version of Google’s Android mobile operating system, but Freeman explains that the version that comes on the Explorer Edition is easier to hack because there's no “pin lock” function. An unattended pair of Glass could be used to read emails, place calls or take inappropriate pictures to share via social networks.
It would also take a hacker only a few minutes to root Google Glass and upload custom software packages. This could include malware capable of giving a hacker remote access to its camera, microphone, passwords, and more. Because Glass is built to interact with the users' other devices, these would be compromised as well.
“Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer,” Freeman wrote. “It knows all your passwords, for example, as it can watch you type them. It even manages to monitor your usage of otherwise safe, old-fashioned technology: it watches you enter door codes, it takes pictures of your keys, and it records what you write using a pen and paper.”
He added, “Nothing is safe once your Glass has been hacked.”
The threat of malware continues to grow. Malware has infected as many as 9 million Android devices, and evidence has surface of attacks by the Chinese government aimed at phones running Google’s software. Even our own government wanted to use malware to turn a computer’s webcam into a private surveillance camera, and it would be able to do the same with Google Glass.
There's nothing to say that these vulnerabilities will be present in the public release of Glass. Google released this early version to select programmers to collect feedback, and has a history of rewarding people who find security breaches.
There's already a function called “MyGlass,” which allows users to shut down a lost or stolen Glass. Hackers could only exploit the vulnerabilities found by Freeman with physical access to the device, so MyGlass would help prevent those attacks.
An unnamed Google spokesperson told Forbes that the company, “recognizes the importance of building device-specific protections, and we’re experimenting with solutions as we work to make Glass more broadly available."
One Google developer, however, has dismissed the jailbreak entirely.
Yes, Glass is hackable. Duh. goo.gl/HQpLC
— Tim Bray (@timbray) April 26, 2013
Still, it's startling that Google would release Glass to thousands of early users without some basic security protocols. Thankfully, the device has remained with programmers and hasn't found its way into the hands of hackers with nefarious goals.