Google Glass jailbroken: hacker says security is ineffective

It didn't take long but the high profile Google Glass has already been jailbroken. Infamous Android and iOS hacker Jay Freeman (otherwise known as Saurik) has told the community that he has ‘rooted' his Google Glass headset.

He shared a picture online showing his jailbroken device. Additionally he published a detailed online report of how the exploit was achieved. This means other people can copy the procedure to jailbreak theirs if they want. He also highlighted how poor the security on the device is.

ZDNET writer Jason Perlow spoke to Freeman and said ” As Freeman explained to me during a phone interview, although there's no recording indicator per se, if you are being recorded, it's readily apparent from video activity being reflected off the wearer's eye prism that something is going on, particularly if you are in close proximity to the person.

But that can be changed once a Glass headset is rooted. Because Glass is an Android device, runs an ARM-based Linux kernel, and can run Android user space programs and custom libraries, any savvy developer can create code that modifies the default behavior in such a way that recording can occur with no display activity showing in the eye prism whatsoever.

And while the default video recording is 10 seconds, code could also be written that begins and stops recording for as long as needed with a custom gesture or head movement, or even innocuous custom voice commands like: “Boy, I'm tired” to begin, and “Boy, I need coffee” to end it.

You could write and side load an application that polls the camera and takes a still photo every 30 seconds, should you say … want to “case” and thoroughly photodocument a place of business prior to committing a crime, or even engage in corporate espionage. Or simply capture ambient audio from unsuspecting people around you.”

Jay did say in his own piece ‘As an example, in an article published by Ars Technica, the situation had gotten so confused by such statements from Google employees (which included comments like “Yes, Glass is hackable. Duh.”) that Ars ended up reporting that “there's been some debate over whether developers actually gained root access to the devices or simply took advantage of a ‘fastboot OEM unlock' that Google itself provided”.

As long as engineers, advocates, and officers from Google make statements like these without carefully looking into the facts first, it will not be possible to have any kind of reasonable and informed discussion about this system. The doors that Google is attempting to open with Glass are simply too large, and the effects too wide-reaching, for these kinds of off-the-cuff statements to be allowed to dominate the discussion.”

It really is worth checking out the original article here as Jay details how he got root access and how the exploit works, in detail.

EDIT: 2nd May 00.02 GMT- Jay Freeman spoke to Kitguru today and we have published a new article on the subject, over here.

Kitguru says: What lies in future for the Google Glass device?

Become a Patron!