The wider world is tuning in to the fact that Google Glass is hackable. If you've missed it, developers have been demonstrating how the device could be used to realize some of our greatest privacy nightmares, such as having our real-life identity made readily available to a Glass-wearing stranger on the street or being recorded by a Glass-clad onlooker without our knowledge or consent.
This revelation that Google Glass isn't impenetrable may worry anyone who fears that Google's futuristic, whiz-bang, Internet-capable eyewear represents a significant threat to American privacy. That includes members of Congress, who -- with a mix of grandstanding and technical ignorance -- recently demanded assurances from Google CEO Larry Page that Glass could not be used to infringe on the privacy of the average American. Much to the consternation of Rep. Joe Barton (R-Tex.), Google couldn't make outright assurances -- understandably so, for two key reasons.
First, Google can't ultimately control if a user violates someone's privacy with a Google Glass, just as AT&T can't control a nosy family member from listening in on your phone call from the upstairs line. Second, no matter the lengths Google goes to make Google Glass entirely secure, cyber criminals would find a way in if it were worth their time. From Android to Mac OS to Windows, every platform is hackable.
More important, there are more pressing security and privacy concerns than whether a cool, new wearable technology will become popular enough to be a serious malware target.
Reason No.1: Google can't control who's being snapped -- but nor can Apple or Nikon
Reason No.1: Google can't control who's being snapped -- but nor can Apple or NikonWe all understand that Google can't prevent you from, say, taking voyeuristic pictures of a neighbor with Google Glass any more than Smith & Wesson can prevent you from shooting the neighbor's cat with a Bodyguard 38 or Ford can prevent you from committing a traffic violation in a Focus. That's the price of our free-market society: We're willing to allow potentially dangerous products on the market -- cars, guns, gasoline, chemicals, insecticides, alcohol, computers, and so on -- because those risks (such as the ability to drive over 25mph) come with some value (such as the ability to drive to work in under two hours).
However, some critics of Google Glass believe the device crosses a new privacy line. Here's a question for folks who hold that view: Why is Google Glass any worse than today's smartphones? If you are willing to tolerate feature-rich, Internet-enabled smartphones -- which are miniature, powerful computers capable of surreptitiously taking high-resolution digital photos, recording private conversations, and tracking your comings and goings -- why are you worried about Google Glass? Someone with the right smartphone could potentially secretly record your actions as easily and as noticeably as someone wearing Google Glass.
Google recognizes potential points of concern, and the company explained some of the measures it's taking to reduce a Glass user's ability to violate a fellow citizen's privacy. Among them, the device requires voice activation to shoot video or images. Google also said it "will not be approving any facial recognition Glassware at this time" and would "prohibit developers from disabling or turning off the display when using the camera."
Reason No. 2: Glass OS can be hacked, just like every other system
Reason No. 2: Glass OS can be hacked, just like every other systemIn Google's ideal world, all developers will only create and distribute legitimate applications, and all users will run legal, fully patched versions of Glass OS (which is based on Android) on their nonjailbroken Glass. This leads to the second reason Google's can't honestly assure Congress that Glass could never be used to violate someone's privacy: Glass OS is demonstrably hackable.
Since Google first started selling early models of Glass to developers (for $1,500 a pop), several techies have come forth to proclaim successful hacks of the device:
- Android developer Jay Freeman, also known by the handle Saurik, in April revealed that he managed to jailbreak the device, allowing it to be loaded with unauthorized software.
- Startup Lambda Labs announced it's built a facial-recognition API for Google Glass.
- Researchers at security company Lookout reportedly discovered a vulnerability that allows attackers to hijack a pair of Google Glasses using specially designed QR codes. (Google reports the bug has been fixed.)
- Members of the hacking community have uncovered potentially abusable features within the Google Glass OS, such as the ability to put the device in constant listening mode and to snap a photo with the wink of an eye.
- Employees at Google have demonstrated that it's possible to install Ubuntu on a rooted Google Glass.
Every hack, app, and vulnerability on this list -- and there are almost certainly others that aren't -- could theoretically be used to violate a third party's privacy. In some cases, it wouldn't be Google's fault so much as the user's fault that his Glass became a zombie live-streaming video cam because a user clicked a dangerous link or installed an app from an unknown source. But in other cases, it would be because a malware author found a way to hack Glass OS, plain and simple.
Glass OS is hackable -- but so is every OS. It's just that hackers focus their efforts on the most-used platform. That's why Windows has traditionally been the most-hacked desktop OS, Java is more exploited than .Net, and Android is the top-targeted mobile OS in the world today.
Yes, I am saying that iOS would become the most-hacked mobile platform if it surpassed Android's global adoption. But the same would go for Windows Phone, BlackBerry BBX OS, Firefox OS, and others. More users mean more potential victims for cyber thieves, which means higher demand for malware to snag said victims. The more malware that comes, the more likely a malicious agent slips through the cracks.
Here's the point: The fact that Google Glass OS is susceptible to hacking is largely irrelevant until the platform gains widespread adoption. For now, it's tough to predict whether that's going to happen. Sure, maybe it will be the next big thing, OEMs will pile on to create their own versions of the eyewear, and malware-infested G00gl3 Gla$ knockoffs hit the black market, turning millions of users into unwitting spy cameras for Big Brother or Mr. Big or the in-laws or whomever wants to monitor your every move.
There are more important security and privacy-related concerns we need to address than whether or not Google Glass will single-handedly lead us toward an Orwellian dystopia. For example, each of us could reassess our priorities as to what level of privacy we're already willing to surrender in exchange for at-times meager (or false) rewards. Is it worthwhile to text your contact number and a metadata-loaded digital photo into the ether for a negligible chance to win a prize? Is handing a helping of your Facebook data to an unknown developer worth playing with a fart-sound emulator?
As a nation, we could focus our concerns on the potential threats on protecting our data and our privacy from the varied threats we know are out there today. Globally, we could urge our influential politicians, business leaders, and technology authorities to channel their efforts toward making the Internet more secure as a whole, for everyone.
This article, "Yes, Google Glass is hackable, but that's the least of our privacy worries," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.
This story, "Yes, Google Glass is hackable, but that's the least of our privacy worries" was originally published by InfoWorld.