Madison Ruppert: A hacker has proven that Google Glass can be turned into a secret
surveillance device by anyone with physical access to the device,
according to a report. Oddly enough, even former Secretary of the Department of Homeland Security Michael Chertoff has come out against the technology.
It’s quite odd to see the likes of Michael Chertoff – the man who made tons of money off of the TSA’s naked body scanners – coming out against the technology as he did in a recent opinion piece, especially based on privacy concerns.
The already quite noteworthy privacy concerns surrounding Google Glass were increased exponentially today with an Ars Technica report stating, “A smartphone hacker has provided conclusive proof that the futuristic computing headset known as Google Glass can be surreptitiously modified to give anyone with physical access almost complete control over the device.”
Given than five minutes with a device, security consultant Jay “saurik” Freeman said that he can “pick up your Glass, turn on debug mode, and get root access on it in a way that doesn’t leave a trace.”
“Then I can modify any of the software on your device,” Freeman told Ars Technica in a telephone interview. “I can make it so that for the rest of your Glass’ lifetime I’m in there, too, able to get access to your camera, listen in on your microphone. I can turn off debug mode and make it look like there’s nothing changed from your perspective. And when you get it back, you’re screwed.”
“A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn’t know are your thoughts,” Freeman wrote in a blog post.
If a hacker obtained that type of access, Freeman described some of the obviously major problems that would arise.
Since Glass sees everything you do, it would see you entering passwords, PIN codes, building access codes and even pictures of keys detailed enough to allow copies to be made.
“Nothing is safe once your Glass has been hacked,” Freeman said.
“We recognize the importance of building device-specific protections, and we’re experimenting with solutions as we work to make Glass more broadly available,” Google said in a statement. “It’s also important to understand that Glass doesn’t access many parts of a Google Account, including settings or many products. And your personal MyGlass site allows you to change the content that you see on Glass or, if you misplace it, wipe all the data off your device.”
This obviously falls far short of what one might consider reassuring.
It’s amazing to see important questions like, “So, who owns and what happens to the user’s data? Can the entire database be mined and analyzed for commercial purposes?” being raised by the likes of Chertoff and obviously one must treat it with a healthy degree of skepticism, but they are vital questions nonetheless.
“What rules will apply when law enforcement seeks access to the data for a criminal or national security investigation? For how long will the data be retained?” Chertoff asks.
Service providers like Google could argue that the terms of service customers agree to will limit how their data is collected, used and stored, Chertoff points out, but that doesn’t cover “data that is collected about passersbys whom they record, intentionally or not.”
“Even those who might be willing to forgo some degree of privacy to enhance national security should be concerned about a corporate America that will have an unrestricted continuous video record of millions,” Chertoff writes.
Again, reading this coming from Chertoff is so unbelievable it almost seems like an April Fool’s joke that was published a month late.
One might argue that while there are many important points raised by Chertoff, he also draws a conclusion that doesn’t quite follow.
“The new data collection platforms right in front of us are much more likely to affect our lives than is the prospect of drones overhead surveilling American citizens,” Chertoff concludes.
This may or may not be true and certainly can’t be concluded with any degree of certainty, let alone the level of certainty that is communicated in saying “much more likely.”
Therefore, Chertoff’s criticisms very well may be self serving. Indeed, knowing Chertoff, it’s hard to imagine that he would do anything that wasn’t going to directly benefit him in one way or another.
It’s certainly true that Chertoff is not a privacy champion or someone who would consider “what rights consumers have, and what rights nonparticipant third parties should have” simply because he cares.
Regardless, the issues raised by Chertoff must be noted and given the most recent example of how technology like Google Glass can be easily exploited, implementing privacy measures are going to be vitally important.
It’s quite odd to see the likes of Michael Chertoff – the man who made tons of money off of the TSA’s naked body scanners – coming out against the technology as he did in a recent opinion piece, especially based on privacy concerns.
The already quite noteworthy privacy concerns surrounding Google Glass were increased exponentially today with an Ars Technica report stating, “A smartphone hacker has provided conclusive proof that the futuristic computing headset known as Google Glass can be surreptitiously modified to give anyone with physical access almost complete control over the device.”
Given than five minutes with a device, security consultant Jay “saurik” Freeman said that he can “pick up your Glass, turn on debug mode, and get root access on it in a way that doesn’t leave a trace.”
“Then I can modify any of the software on your device,” Freeman told Ars Technica in a telephone interview. “I can make it so that for the rest of your Glass’ lifetime I’m in there, too, able to get access to your camera, listen in on your microphone. I can turn off debug mode and make it look like there’s nothing changed from your perspective. And when you get it back, you’re screwed.”
“A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn’t know are your thoughts,” Freeman wrote in a blog post.
If a hacker obtained that type of access, Freeman described some of the obviously major problems that would arise.
Since Glass sees everything you do, it would see you entering passwords, PIN codes, building access codes and even pictures of keys detailed enough to allow copies to be made.
“Nothing is safe once your Glass has been hacked,” Freeman said.
“We recognize the importance of building device-specific protections, and we’re experimenting with solutions as we work to make Glass more broadly available,” Google said in a statement. “It’s also important to understand that Glass doesn’t access many parts of a Google Account, including settings or many products. And your personal MyGlass site allows you to change the content that you see on Glass or, if you misplace it, wipe all the data off your device.”
This obviously falls far short of what one might consider reassuring.
It’s amazing to see important questions like, “So, who owns and what happens to the user’s data? Can the entire database be mined and analyzed for commercial purposes?” being raised by the likes of Chertoff and obviously one must treat it with a healthy degree of skepticism, but they are vital questions nonetheless.
“What rules will apply when law enforcement seeks access to the data for a criminal or national security investigation? For how long will the data be retained?” Chertoff asks.
Service providers like Google could argue that the terms of service customers agree to will limit how their data is collected, used and stored, Chertoff points out, but that doesn’t cover “data that is collected about passersbys whom they record, intentionally or not.”
“Even those who might be willing to forgo some degree of privacy to enhance national security should be concerned about a corporate America that will have an unrestricted continuous video record of millions,” Chertoff writes.
Again, reading this coming from Chertoff is so unbelievable it almost seems like an April Fool’s joke that was published a month late.
One might argue that while there are many important points raised by Chertoff, he also draws a conclusion that doesn’t quite follow.
“The new data collection platforms right in front of us are much more likely to affect our lives than is the prospect of drones overhead surveilling American citizens,” Chertoff concludes.
This may or may not be true and certainly can’t be concluded with any degree of certainty, let alone the level of certainty that is communicated in saying “much more likely.”
Therefore, Chertoff’s criticisms very well may be self serving. Indeed, knowing Chertoff, it’s hard to imagine that he would do anything that wasn’t going to directly benefit him in one way or another.
It’s certainly true that Chertoff is not a privacy champion or someone who would consider “what rights consumers have, and what rights nonparticipant third parties should have” simply because he cares.
Regardless, the issues raised by Chertoff must be noted and given the most recent example of how technology like Google Glass can be easily exploited, implementing privacy measures are going to be vitally important.
No comments:
Post a Comment