With Google Glass wearers popping up all over the place in the US, discussion of the device has focused on how wearable computing and front-facing cameras will challenge our conceptions of privacy. There's been precious little discussion about how attackers will treat the device, and that oversight could cause big problems later on.
Watchguard's director of security strategy Corey Nachreiner noted that with its radical interface and form factor, Google's wearable computer could be a tempting target for attackers. "Google Glass is just another Android platform," said Nachreiner. "The only newness is the input options," which include the front-facing camera, touch, voice controls, and the ability to record just about everything. This is worrisome, as Nachreiner observed (and experts agree) that Android is the mobile platform targeted most by attackers.
The most dangerous attacks on Android generally use trojanised apps, which are malicious applications dressed up to look like popular apps, usually distributed over third-party marketplaces. Other Android issues focus on the amount of information advertisers, and developers, can access with their apps.
An information gold mine
The huge amount of information available with a worn device could be a tempting target. "Theoretically, if people who use Google Glass wear it all the time, suddenly you have the potential to see everything the victim sees," said Nachreiner. This could include banking login information, two-factor authentication codes, or possibly extorting money from a victim by capturing embarrassing video.
Even mundane visual information – like what products you look at, or things in your home – could be valuable to advertisers and attackers. It's a sci-fi scenario, but one that Nachreiner thinks might be coming.
"In the future, we're going to have algorithms that will pinpoint things in video automatically," he said, potentially turning Google Glass into a personal info-sucking machine. Though far-fetched, Nachreiner believes it's a good idea to start thinking about these concerns now.
Staying safe with Google Glass… and Android
Though Google Glass will share some of Android's vulnerabilities, it can also take advantage of the platform's strengths. For instance, Nachreiner recommends that regardless of your device, users should enable a strong password on their device, or at least a four-digit PIN. "I'm surprised at how many normal consumers just swipe their phone and go right in," he said.
Nachreiner also recommends that users avoid side-loading apps, and stick to trusted app stores. Though side-loading is powerful, going outside Google Play greatly increases your risk of encountering a malicious app. "The number one way to get malware on Android," said Nachreiner, "is to download a free, stolen copy of Angry Birds."
Though the bad guys typically target bad user behaviour, like app piracy, Nachreiner admits that there are and will continue to be software vulnerabilities in Android. Keeping your software up to date, on Glass or on a Galaxy S4, is a good way to avoid attacks that take advantage of those vulnerabilities.
Also, turn off features you don't use – like Bluetooth – which could be used as an avenue of attack on your device.
Last, and certainly not least, Nachreiner recommends that consumers get some kind of security software. Android's freedom does allow for more kinds of attacks, but it also gives consumers the ability to fight back with powerful security suites. We've advocated getting security apps many times – the threats to your mobile device go well beyond malware, and there are many security products at different price points that can help protect you.
Despite the issues surrounding the as-yet unreleased Google Glass, Nachreiner says he will get one, but probably not a first-generation device. "I'm a sci-fi geek, and I'm a gadget nerd," he said, by way of explanation. "I'll buy it because I like the idea of having it, but I don't know if I'd wear it everywhere."
"I might tape over the front-facing camera," he concluded.