Hacker shows how Google Glass could watch its user's every move

Jay Freeman, an iOS and Android developer known for his popular Cydia app store accessible by jailbroken iPhones, has discovered a scary security flaw in Google Glass. While toying around with the Explorer edition of Google Glass, Freeman discovered that the device's lack of a PIN code or any other form of authentication could make it easy for hackers to install surveillance malware onto the device.

Unlike a smartphone, which stays in your pocket most of the time, a hacked Google Glass can give hackers access to everything you see and everything you hear. According to Freeman, "The only thing it doesn't know are your thoughts." All a hacker needs to do is grab an unattended Google Glass, hook it up to their computer via USB, and enable root access on the device. Freeman says,

"Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: They have control over a camera and microphone that are attached to your head."

Not only will hackers be able to see and hear everything around you, they will be able to upload your files and recordings to remote servers. Freeman says that a hacked Google Glass "knows all your passwords" because it sees you typing them in. With a compromised Google Glass, "Nothing is safe." However, chances are that Google will take note of these security flaws and issue fixes to them before the devices become available to consumers early next year.

On the bright side, the only way hackers can install surveillance malware onto your Google Glass device is if they have physical access to it, meaning it won't be too common. But nonetheless, Google needs to step up the security on the device. The user's privacy and security should always be the top priority for any company. Freeman issued a statement to Forbes regarding the entire situation. He says,

"It's just kind of sloppy and negligent for Google to release a device to a bunch of early adopters that is missing a basic security function and even has a known bug on it that was disclosed eight months ago. Like someone could be inside of [tech pundit and blogger] Robert Scoble's glass right now."

[via Forbes]