Google Glass Spyware Risk Revealed

Google Glass users beware after researchers highlighted the potential of the device to act as an unobtrusive piece of spyware.

The issue could prompt concern about the potential of the devices to spy on the lives of Google Glass users, plus their family, friends and work colleagues.

Spyware Risk

The potential risk was revealed by California Polytechnic San Luis Obispo graduate researchers. Mike Lady and Kim Paterson, who built a spyware ‘proof-of-concept’ for Google’s wearable device. According to Forbes, their Google Glass app masquerades as a legitimate piece of note-taking software, ironically dubbed ‘Malnotes’.

The Malnotes app reportedly captures an image of whatever the Google Glass user happens to be looking at – every ten seconds. These images are then uploaded to a remote server.

What is especially troubling about this development is that Google’s policy on image capture is that the eyepiece display has to be operational, thereby tactically informing the Google Glass user that a picture is being taken. However, the Malnotes App apparently snaps the images with the eyepiece display turned off, meaning the user will have no idea his or her device is being used to capture images and transmit them to a third party.

The Malnotes app has therefore exposed the fact that Google has no real security measures in place to prevent images being taken whilst the display is switched off.

Forbes reported that in the space of its video interview with the researchers, the Google Glass running Malnotes belonging to Mike Lady apparently uploaded more than 150 snapshots of his vision, with no signal for either him or any other person.

“The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it,” Paterson was quoted as saying. “As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us.”

The researchers apparently were successful in uploading the Malnotes app to the Google Play Store (but it was quickly removed after the news broke), and they didn’t attempt to upload to the spyware app to MyGlass app store. But this would not prevent Google Glass users from loading the rogue app from a third-party website for example. Developers for example commonly host their Google Glass apps on their websites to allow others to experiment with them, before they are undergo formal submission to Google.

“A lot of Glass developers are just hosting their apps from sites just to let other people try it,” Paterson reportedly said. “It’s sort of a wild-wild west atmosphere since very few apps are being released through the MyGlass store.”

Security Worries

This is not the first time a potential security flaw about Google Glass has been highlighted. Last July, Google repaired a flaw could have forced users to connect to malicious Wi-Fi. Having lured the user onto a phoney network via malicious QR codes, hackers could have then siphoned off information or executed further attacks

Non-malicious hackers have been trying to discover flaws with Google Glass since devices were released to testers early in 2013. Soon after the launch, one researcher discovered a non-traditional way to jailbreak Glass, claiming it was simple to carry out and a serious security concern given the lack of a lock screen.

The security concerns about wearable tech mirrors that of the recent concerns about compromised mobile phones, which can be turned into potential spying tools.

Still want to try wearable tech? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

7 mins ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

17 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

20 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

21 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

22 hours ago