Feeds

Hey, Glasshole: That cool app? It has turned you into a SPY DRONE

Google Glass spyware can use users as surveillance drones

Securing Web Applications Made Simple and Scalable

Security researchers have created prototype Google Glass spyware that is capable of snooping on everything the user is looking at without tipping off victims that anything is amiss.

Mike Lady and Kim Paterson – graduate researchers at California Polytechnic San Luis Obispo – created an app that takes a picture every 10 seconds a Glass display is active – before uploading the information to a remote server. This all happens in the background without giving the wearer any indication that images from the hi-tech specs are being "live-streamed".

"The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it,” Paterson told Forbes.

The prototype was written as a proof of concept designed to highlight security issues with the high-tech eyewear. In the experiment the snoopy code posed as a note-taking software package called Malnotes.

Similar tricks could be used to distribute a real Trojan. Victims would first have to be tricked into installing a dodgy app, of course. Lady and Paterson succeeded in uploading their dodgy app (which did more than it said on the tin) to the Google Play app store for Android, before Google was notified of its presence and a quick takedown applied. Forbes adds that the same trick would probably have failed on the more carefully curated MyGlass app store.

"Even Glassholes (as those who have adopted Google’s wearable technology are known) don’t deserve to be spied upon, and should have an expectation that proper security is in place to prevent abusive apps from performing actions that should be forbidden," writes security industry veteran Graham Cluley in a blog post. "If you do insist on wearing Google Glass, then please make sure that you have protected your devices using a passcode, and be careful about what apps you install on your devices from unofficial app stores."

Malicious software for Glass is not a virgin field for security research. For example, last year researchers at the mobile security firm Lookout showed how it might be possible to install malware or snooping on data feeds by tricking a user into simply looking at malicious QR codes.

Glass automatically processed QR codes present anywhere in photographs captured by the built-in camera. That meant barcode-like images could be put together that instructed the Glass hardware to connect to a rogue Wi-Fi network that snoops on connections made to the web, or tell its browser to visit a malicious website that exploits security holes in the gadget's Android operating system. Lookout reported the problem to Google before going public with the issue last July. ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.