Google Glass Security Shattered by Researchers
Sergey Brin shows off the Google Glasses touchpad in a Current TV interview.
CREDIT: Current TV
At least two security researchers claim to have exploited flaws in the Android software that powers Google Glass, the search giant's computerized eyeglasses.
However, Google doesn't seem very concerned about the hacks, and one Google Glass developer said the company expected researchers to dig into the software.
The high-tech Google Glass eyewear, which runs on Android 4.0.4 Ice Cream Sandwich, is apparently vulnerable to a known flaw in Ice Cream Sandwich's restoration process.
The flaw lets those with the technical know-how take over, or "root," the entire operating system, mobile security researcher Jay "Saurik" Freeman told Forbes last week after he'd tweeted a photo showing a hacked Glass interface.
Freeman, famous for developing the Cydia app repository for jailbroken iPhones, said that by backing up his Google Glass device and then tweaking an important configuration file, he was able to fool the headgear into thinking it was an Android development tool running on a PC instead of a real device.
Using this method, Freeman made the device behave more like a software application on a computer than like a stand-alone mobile device.
Another security researcher, Liam McLoughlin, took to Twitter last week to announce that he'd achieved similar results via Google Glass's debug mode.
"I got a shell on my Glass :D (no root yet!)," McLoughlin said, referring to a command-line interface that lets users get into the innards of an operating system.
Rohit Sethi, vice president of product development for Security Compass in Toronto, told TechNewsDaily that a hacked Google Glass device would lead to important privacy compromises — to say the least.
"If someone's able to root the device, then they can essentially see everything you can see, and hear everything you can hear, as opposed to a [traditional] mobile device," Sethi said. "It's maybe not shocking that someone could root an Android device, but the repercussions are pretty severe."
Freeman, McLoughlin and other software developers can buy the pre-release "Explorer Edition" of Google Glass for $1,500. The final product, expected in the fall, is still in development. It's unlikely that Glass will hit the consumer market with its current software configuration.
Google developers were pretty calm about the dire Glass developments.
"Yes, Glass is hackable," Google developer Tim Bray tweeted in response to McLoughlin's findings. "Duh."
Android developer Dan Morrill was quick to point out on his Google+ page that the hackers had actually achieved a "fast boot OEM [original equipment manufacturer] unlock" rather than total root access.
"There is no root here!" Morrill wrote. "It's not rooting if they let you do it on purpose!"
Google Glass developer Stephen Lau used his own Google+ page to say that hacking Glass was exactly what Google wanted.
"Not to bring anybody down, but seriously, we intentionally left the device unlocked so you guys could hack it and do crazy fun [stuff] with it," Lau wrote. "I mean ... you paid $1,500 for it. Go to town on it. Show me something cool."