Sign up to our newsletter
The latest security news direct to your inbox
Spyware which stealthily takes photographs using Google Glass’s built-in camera and uploads them to a remote server without the user being aware has been demonstrated successfully on the eyepiece – despite Google’s policies explicitly forbidding programs which disable the screen while the camera is in use.
The spyware was designed by two California Polytechnic students, Mike Lady and Kim Paterson, who disguised their program as a note-taking app (albeit with a name that offers a clue to its actual function, Malnotes), and successfully loaded the app, which takes a photo every ten seconds and uploads it to the internet, according to Ars Technica’s report.
Google’s policies forbid programs which take pictures when its wearable Glass eyepieces are turned off – but there is nothing to stop users doing so, Forbes reported.
“The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it,” Paterson told Forbes’ Andy Greenberg.
“As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us.”
The pair were able to upload Malnotes successfully to Google’s Play store, but were unable to sneak the app into the curated MyGlass store for Google Glass, Ars reports. Paterson noted that many Glass apps are currently “sideloaded” – ie not installed via official stores, but installed using developer tools in debug mode – as Glass is still in prototype.
“A lot of Glass developers are just hosting their apps from sites just to let other people try it. It’s sort of a wild-wild west atmosphere since very few apps are being released through the MyGlass store,” Paterson told Forbes. Paterson warned that if a user left Glass unattended, it would be easy to install such software without the wearer even being aware of its presence.
Google’s Glass eyepieces remain a hot topic for privacy advocates. Speaking to Business Insider, Daen de Leon, a software engineer, says that 13 bars and restaurants in San Francisco have an explicit “no Glass” policy, as well as others in Seattle, and Oakland, California.
After an incident where a Google Glass wearer was allegedly assaulted in a bar in Lower Haight for wearing the eyepieces, de Leon spoke to regulars and says that he, “”found her assumption that, as a complete stranger, she could enter a bar and just start recording regular customers without their permission quite disturbing.”
Author Rob Waugh, We Live Security