So far, only developers and certain consumers who were admitted into the early adopter program have had the chance to test the device, and among them is technology consultant and Android hacker Jay "saurik" Freeman, who discovered that hacking Google Glass (the "Glass Explorer Edition") and using it to spy on the wearer is not that difficult for those who know what they are doing and have physical access to the device.
In a very long post explaining the technical details of how to do it, he showed that a number of things conspired to make the device vulnerable and "rootable." In short, a malicious individual can easily put the device into Debug Mode using the Settings panel and then use adb access and an exploit to get root access to it.
"Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head. A bugged Glass doesn't just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do," he writes. "The only thing it doesn't know are your thoughts."
He also pointed out that Glass can record the passwords, PINs, door codes and other similar things the user types or writes by hand.
In the wake of the post, a Google engineer commented that they intentionally left the device unlocked so that testers could "play" with it and hack it, and another took umbrage at Freeman's reference to "rooting" the device, pointing out that "It's not rooting if they let you do it on purpose!"
Freeman responded that "as long as engineers, advocates, and officers from Google make statements like these without carefully looking into the facts first, it will not be possible to have any kind of reasonable and informed discussion about this system."
"The doors that Google is attempting to open with Glass are simply too large, and the effects too wide-reaching, for these kinds of off-the-cuff statements to be allowed to dominate the discussion," he pointed out, and added a few ideas on how to solve some of the problems that he perceived with the device and its use.
"We recognize the importance of building device-specific protections, and we're experimenting with solutions as we work to make Glass more broadly available. It's also important to understand that Glass doesn’t access many parts of a Google Account, including settings or many products. And your personal MyGlass site allows you to change the content that you see on Glass or, if you misplace it, wipe all the data off your device," Google officially commented.
To be fair, this version of Glass is surely not the one that will end up in production and on the noses of consumers. That's why Google has the testing program: so that any potential problems can be solved beforehand.