A hack shown off by Dutch security researchers allows an attacker to ‘take over’ Google’s new Glass headset, compromising privacy and sending pictures and videos from the frames’ built in camera to another computer. In effect, seeing through their victim’s eyes, according to Business Insider’s report.
The attack requires physical access to the Glass headset but works so quickly that researchers at Deloitte’s computer security division and Dutch security company Masc told newspaper Volkskrant, that it could be loaded “by a cute girl in a bar who had borrowed them out of interest.”
“Hardcore hackers wouldn’t even bother with it,” said Deloitte researcher Thomas Bosboom, “they would find access too easy.”
Dutch News reports that Bosboom and “a dozen” colleagues came up with the idea after “a few pizzas.” The script to ‘take over’ Glass can be easily loaded into the device either from a USB stick or via Wi-Fi in the guise of an app for Glass.
“We asked ourselves what the worst case scenario was,” Bosboom said, “We realized that would be looking through the users’ eyes.”
Speaking to Volkskrant, a Google spokesperson acknowledged that security and privacy had been an issue with early models of the Android-based devices, but said that later models would be protected by a PIN-style code.
“The more feedback we get, the safer we can make Glass ahead of the wider launch this year,” the spokesperson said. .
The Google Glass headset is currently available in the U.S., the UK and other territories, but in an Explorer edition, aimed at developers. The early prototypes have been hacked before, with two California Polytechnic students designing a bogus app which took pictures every ten seconds via the built-in camera, and uploaded it to a remote computer.
Author Rob Waugh, We Live Security