Google Glass Presents New Frontier for Malware Devs

Two security researchers from the University of San Luis Obispo Cal Poly demonstrated their newest app for Google Glass today, which comes with a secret built-in feature that enabled them to spy on the device’s camera whenever they want.

Google Glass

Photo: Loic Le Meur / Wikimedia Commons

Many are already concerned about the dual cameras on their smartphones taking pictures without permission, and the always-on nature of Google Glass takes this concept to a whole other level.

By hiding inside a note-taking app called Malnotes, Mike Lady and Kim Paterson were able to only upload their spying program to the Google Play store without inciden, it was only after they directly informed Google of their discovery before someone at the company acted to take it down.

This presents many issues. Firstly, Google’s Bouncer program is clearly not doing its job when it comes to clearing out the Play store of threats from malicious apps or games.

Second, the idea that anyone wearing Google Glass could be turned into a live-streaming avatar without their knowledge is certainly nothing to sniff at. If Google can’t keep a lid on the way software for the device is managed and distributed, this problem could get out of control before the eyewear is even available to the general public for purchase.

“Even Glassholes (as those who have adopted Google’s wearable technology are known) don’t deserve to be spied upon, and should have an expectation that proper security is in place to prevent abusive apps from performing actions that should be forbidden,” writes security industry veteran Graham Cluley in a blog post. “If you do insist on wearing Google Glass, then please make sure that you have protected your devices using a passcode, and be careful about what apps you install on your devices from unofficial app stores.”

Luckily this time around the threat was only a proof of concept. The people behind it were more than wiling to sit down with Google and go over exactly how they achieved access to the camera, as well as instructing them on how to prevent the problem from happening to unsuspecting users in the future.