I’ve seen the future – and it’s Google Glass spyware

Google GlassTwo graduate researchers at California Polytechnic San Luis Obispo have created an application for Google Glass that can spy on everything the wearer is looking at, without the knowledge of the user.

As Forbes reports, 22-year-old Mike Lady and 24-year-old Kim Paterson have created some software for the privacy-busting digital eyewear that secretly takes a photo every ten seconds when the Glass display is off.

The app then uploads “the images to a remote server without giving the wearer any sign that his or her vision is being practically livestreamed to a stranger.”

In order to trick users into installing the software on their Google Glass, the software pretends to be note-taking software called Malnotes.

Sign up to our free newsletter.
Security news, advice, and tips.

(Clearly the “Mal” in “Malnotes” is not supposed to stand for “Malcolm”).

Worryingly, the researchers appear to have uncovered something of a security hole in Google’s vetting process according to Forbes reporter Andy Greenberg:

Though Google’s developer terms of service for Glass specifically ban apps that take photos while the device’s display is off, Paterson and Lady discovered that there were no real security prohibitions against that trick. Over the course of my short video interview with the pair, Lady’s Glass headset running Malnotes uploaded more than 150 snapshots of his vision with no signal for either him or me.

“The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it,” says Paterson. “As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us.”

Now, it’s possible that you are of the opinion that anyone who is antisocial enough to wear Google Glass in public (and has no qualms about photographing people without their permission and uploading imagery of individuals to Google’s servers) deserves any malicious attacks directed at them.

But I disagree. Even Glassholes (as those who have adopted Google’s wearable technology are known) don’t deserve to be spied upon, and should have an expectation that proper security is in place to prevent abusive apps from performing actions that should be forbidden.

If you do insist on wearing Google Glass, then please make sure that you have protected your devices using a passcode, and be careful about what apps you install on your devices from unofficial app stores.

Chances are that there will be others out there, with more malicious intentions than Mike Lady and Kim Paterson, who will be interested in spying upon what Google Glass wearers are looking at.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “I’ve seen the future – and it’s Google Glass spyware”

  1. “Even Glassholes (as those who have adopted Google’s wearable technology are known) don’t deserve to be spied upon!"

    Hmmm. They have a Google device – thus they are being spied on.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.