Google Glass Security, Privacy Worries Complicate Wide Adoption
Google Glass and other technologies take that even further by making it easier for the devices to gather data and help the user, said Jerry Irvine, CIO for Chicago-based IT consultancy Prescient Solutions. A person wearing a Google Glass device could easily take pictures of sensitive data—say, a boardroom whiteboard—without drawing as much attention to themselves as someone who pulled out a mobile phone or camera, he said. "These are the same technologies that we have in mobile phones, but because it's being worn and you are not drawing attention to yourself as you use it, it is a bigger risk," he said. In addition, there are no technologies that allow users to manage the security of the devices or allow third parties to ban the devices use in certain circumstances, Irvine added. "Organizations are going to have to define what they are going to allow. Whether people can come into their facilities with these devices," he said.In a recent example of the possibilities, mobile-security firm Lookout showed off an attack where a malicious quick-response, or QR, code that could redirect the data from Google Glass through a compromised access point. QR codes are the modern version of bar codes that allow data to be scanned by mobile devices. Google Glass extensively uses QR codes to configure the device. The devices were vulnerable because they would essentially allow any QR code to be used to send information to the device, said Marc Rogers, principal security researcher at Lookout. "The user never sees anything at all," he said. "Glass connects the user to the access point using the QR code and starts sending all of its traffic through that new access point. At that point, if you control the access point, you control the connection." Such attacks, while easily remedied, should cause technologists and early adopters to pause and consider the implications of increasing the ability for digital threats to impact a user. By giving individuals a larger footprint in cyberspace, the Internet of Things opens them to more attacks, Rogers said. "As we become increasingly reliant on these devices, as they become more intimately integrated into our lives, we have to take them more seriously from a security perspective," he said. We must take them "even more seriously than our PCs, because these things have a role in our life 24/7."
While the privacy and information-security aspects of Google Glass and other devices add new problems for enterprise security teams, wearers of the devices must also worry about having such a personal device compromised by malicious hackers.