A security flaw in an early version of Google's new Internet-connected glasses could allow hackers to control the device remotely and use its camera to "watch your every move," according to one developer.
In a blog post this week, software developer Jay Freeman said he found a way for hackers to install malicious software on Google Glass to conduct surveillance on its users. Freeman was one of the early Glass adopters selected by Google to test the device before its release to the general public next year.
Glass, a head-mounted computer that rests on the user's face like a pair of eyeglasses, can take photos, translate phrases and offer directions via a small glass cube suspended over the wearer's right eye. Freeman said hackers can compromise the headset by using a known vulnerability in Google's Android software, granting them even greater access to users' privacy than if they had bypassed security on a phone or computer.
"They have control over a camera and a microphone that are attached to your head," he said. "A bugged Glass doesn't just watch your every move: it watches everything you are looking at ... and hears everything you do. The only thing it doesn't know are your thoughts."
Freeman said the current version of Glass also lacks a PIN code to lock the device, allowing a hacker to physically install malware on the headset in order to then, for example, watch what users type and see their passwords.
Such a scenario could be particularly embarrassing if a user wore Glass in private, Freeman added. Earlier this week, for example, one early Glass adopter demonstrated how he could wear the headset in the shower.
"Nothing is safe once your Glass has been hacked," Freeman said.
Charlie Miller, a member of Twitter's security team who is well-known for hacking iPhones and other Apple products, said Freeman's findings are plausible. But he said a weakness in Glass would be difficult for a hacker to exploit since it would require a Glass user to leave the device unattended for several minutes while the hacker installed the malware.
"This particular vulnerability required physical access to the Glass device so doesn't represent much of a risk to most users of the product," Miller told The Huffington Post.
Google says Glass is still a work in progress. Responding to Freeman's findings, the company said in a statement the early edition of Glass "is not a consumer product" and is "intended for developers to play with, hack and even build great apps for."
Google also has created a website called MyGlass that allows Glass owners to change the content they see on the device or to wipe data from the headset if it's ever lost, stolen or hacked.
"We recognize the importance of building device-specific protections, and we’re experimenting with solutions as we work to make Glass more broadly available," a Google spokesman wrote in an email.
David Meinert, the owner of 5 Point Cafe in Seattle, Wash., took a controversial step in March when he announced a <a href="http://www.huffingtonpost.com/2013/03/14/google-glass-ban-privacy-concerns_n_2856385.html" target="_blank">ban on Google Glass</a>, generating widespread attention in international media. Media commentator Jeff Jarvis <a href="http://www.huffingtonpost.com/2013/03/14/google-glass-ban-privacy-concerns_n_2856385.html" target="_blank">called the ban "technopanic,"</a> but other businesses soon followed in banning Glass.
<a href="http://www.nbcnews.com/technology/technolog/strip-clubs-theaters-google-glass-wont-be-welcome-everywhere-1B9231620" target="_blank">NBC News reports</a> that the Las Vegas-based Sapphire Gentlemen’s Club will be asking patrons to check their Google Glass -- along with more traditional recording devices like cellphones -- at the door. “If they don’t want to check it, we’d be happy to give them a limo ride back to their hotel,” the managing partner of the strip club told NBC. <em>The photo shown is not a photo of the Sapphire Gentlemen’s Club in Las Vegas.</em>
Most movie theaters already have rules that ban recording devices, which means that Google Glass will likely be banned as well. <a href="https://docs.google.com/viewer?a=v&q=cache:s4FvbptUdJcJ:www.amctheatres.com/Media/Default/PDFs/code-of-conduct-policy.pdf+&hl=en&gl=us&pid=bl&srcid=ADGEESi9yVjpCX6v1SCufyMu5-YzLIvi8zfgRWK4FlbIB0rmnujZy2i15cJMOaK4L2wC0tgjrn7pqPEbgVbV0HK2rKxK0-CS_H1oETsBntjMdGTzS-its_FQ_7oWb4St3XeZjv43K_Ov&sig=AHIEtbS9VXkDdsd4bBzlS-iekkQXpwhOQA" target="_blank">AMC's code of conduct</a> bans "possession of a recording device, audio or video" in the theater, as do the terms and conditions for theaters run by <a href="http://www.theregister.co.uk/2010/09/10/vue_cinemas_ban_laptops/" target="_blank">Vue</a> and <a href="http://www.flickr.com/photos/dcmetroblogger/4366280786/" target="_blank">Regal Cinema</a>.
Google Glass will also be banned at casinos in Las Vegas, <a href="http://www.nbcnews.com/technology/technolog/strip-clubs-theaters-google-glass-wont-be-welcome-everywhere-1B9231620" target="_blank">NBC News reports</a>. "Picture-taking is frowned upon, and security officers on duty ask individuals not to take pictures for the privacy of others in the casino," an MGM Resorts spokesperson told NBC.
The West Virginia state legislature has already proposed an amendment banning drivers from wearing Glass on the road. The ban, <a href="http://www.wired.com/autopia/2013/03/google-glass-ban-west-virginia/" target="_blank">according to Wired</a>, will forbid people from "using a wearable computer with head mounted display."