Google Glass: Let the evil commence
I was initially interested in contacting Android and iOS hacker extraordinaire Jay Freeman (aka, "Saurik") because he had recently notified the Android development community on Twitter that he had successfully "rooted" his Google Glass headset, with the bragging rights displayed below.
Freeman has since released a lengthy account of how the exploit was accomplished, providing the bits and the procedure to repeat it, and has offered a number of warnings to the Glass community regarding just how ineffective the security on the device currently is.
I wanted to know from Freeman if, once rooted, it is possible to programmatically disable the "recording LED indicator" on the device, so that one could stealthily record without any indication to the subject that they are being captured on-camera.
As it turns out, there is no such indicator light on the "Explorer" version of Google Glass that has recently shipped to the first generation of users and developers who were lucky enough to get their hands on the headset. Duh.
Still, there's room to make the device even stealthier. As Freeman explained to me during a phone interview, although there's no recording indicator per se, if you are being recorded, it's readily apparent from video activity being reflected off the wearer's eye prism that something is going on, particularly if you are in close proximity to the person.
But that can be changed once a Glass headset is rooted. Because Glass is an Android device, runs an ARM-based Linux kernel, and can run Android user space programs and custom libraries, any savvy developer can create code that modifies the default behavior in such a way that recording can occur with no display activity showing in the eye prism whatsoever.
And while the default video recording is 10 seconds, code could also be written that begins and stops recording for as long as needed with a custom gesture or head movement, or even with innocuous custom voice commands like: "Boy, I'm tired" to begin, and "Boy, I need coffee" to end it.
You could write and side load an application that polls the camera and takes a still photo every 30 seconds, should you, say, want to "case" and thoroughly photodocument a place of business prior to committing a crime. Or even engage in corporate espionage. Or simply capture ambient audio from unsuspecting people around you.
Read this
So while the 12.5GB of usable storage on this first version of Glass is fairly meager for storing HD video, it's plenty of space for storing still image JPG files and 64Kbps compressed audio. And that's not counting storage that could be accessed in the cloud in places like Dropbox, or even using a personal wi-fi connection to a smartphone with a large amount of internal memory.
The 5MP camera and the audio pickup of the current Glass Explorer Edition is fairly unspectacular. If an AOSP version of Glass's Android OS is ever published, there's certainly nothing to stop an OEM from producing a superior headset with optical zoom, a higher-resolution CMOS with superior light sensitivity, possibly even night vision, and significantly better microphones.
[Editor's note: Google has already released the specific source code bits that Glass uses that are a requirement of the company's commitment to using the GPLv2-licensed Linux kernel. However, this does not represent a full platform Open Source release of Glass's pre-loaded apps and complete run-time environment, which, like the rest of Android, would probably be licensed using Apache 2.0]
While Glass' current battery time is limited to about 5 hours of regular use and 20 minutes of run time while doing video recording, extended recording of video and audio could be accomplished through a thin USB connector wire (painted to match hair and skin color) hidden behind the neck, leading to a large external battery hidden in a coat or a vest such as, say, the $75 12000mah New Trent iCarrier that I carry with me on business trips to charge my smartphones.
Google intended the first version of Glass to look nerdy and clearly like a wearable computing device. But any number of techniques could be used to conceal the active components of the product through good industrial design and color blending, as well as through the use of prosthetics, makeup and hairstyles.
And if the existing Android OEM ecosystem is of any indication, it's a virtual certainty that we'll see Glass headsets that are licensed by third parties.
"Evil Glass" may include all the software necessary to turn a 14-year-old into a walking stealth surveillance device that would have been the envy of the Mossad or China's Ministry of State Security.
Once you have root on a Glass headset, any number of custom software packages could be installed without Google being able to prevent one from doing things that would make your hair stand on end, such as on-the-fly image and audio processing.
This is the kind of stuff that until now, only major intelligence agencies could do with very expensive surveillance equipment. Just wait until Israeli and Eastern European startups, which are staffed with former intelligence personnel who have a huge wealth of knowledge in using this kind of technology, get a hold of this thing.
There are tons of unlicensed Android phones and tablets being produced in China. Once the basic spec of Glass is available, there's nothing to stop an unscrupulous company in Asia from creating a Glass clone that's totally open without any hacking required.
And once Glass Explorer Edition's ROM makes it into the wild, all kinds of "Evil" re-spins can be produced to make the stock Glass into a Swiss Army surveillance kit for sociopaths, not just hackers.
Such an "Evil Glass" Android distribution may include all the software necessary to turn a 14-year-old into a walking stealth surveillance device that would have been the envy of the Mossad or China's Ministry of State Security only five or ten years ago.
So we know that once a headset is rooted, the wearer can do all sorts of stuff with the device that Google never intended for them to do with it, and there are Glass applications already in the mind's eye of malicious people ready to use them for nefarious purposes.
But what about stuff that isn't being perpetrated by the wearer? What if a Glass headset starts doing stuff without the wearer's knowledge?
Well, as it turns out, as Freeman so thoroughly documents and explains on his website, there's a lot of potential for that, too.
Because the current implementation of Glass has no "pin lock" like an Android phone or tablet has, the device is always active when it is turned on, and thus it would be relatively simple to inject a headset using a USB-connected device and the Android SDK with an exploit along with a malware playload that, say... snaps pictures and records audio of everything you do, and stores and forwards it over the internet to the hacker without the wearer's knowledge.
In short, if you buy a Glass device, don't let the thing out of your sight.
Will Glass be used to "do the evil" that Google has pledged it would never engage in? Talk back and let me know.