30
Apr
image

Several days ago, something happened that sent a not insignificant ripple through coverage of Google Glass: someone "jailbroke" the device.

image

Saurik, who posted the above photo to Twitter, had modified Glass' software "while in the Bay Area after picking it up from Google's headquarters in Mountain View."

Understandably, this idea was a bit bedeviling to the press – ostensibly, Glass is a relatively limited platform for developers, who can only write apps using a web-based API, allowing software to be integrated with the device over the internet. Eric Schmidt's words regarding the relative closed-ness (or at least, less-than-total openness) of Glass' platform to start were still wet on the page. To make matters worse, comments came at rapid pace from the press and from Googlers regarding the situation that may not have been detailed enough to keep cursory readers up to snuff on what was really going on.

In what can only be accurately classified as an epic post to his blog, Saurik (aka Jay Freeman) has detailed the entire story, from his initially fiddling with Glass straight through to the process' possible security implications, and the security risks inherent in a new device like Glass.

In his post, Saurik explains the process of getting root access on Glass, first addressing the catch-22 that would be using fastboot, to exploring a 4.0.x exploit initially implemented by hacker Bin4ry, to how to use the exploit with your own Glass unit (assuming you're lucky enough to have one already).

For those with dreams of unlocked bootloaders, Saurik offers words of caution. In the post, he outlines the security risks of unlocking your bootloader in general (if left alone for even a short period of time, someone could tamper with your device in a way that would be more than a little harmful). Saurik expounds on this idea, noting that – should the worst happen – someone could gain access to your Glass and, by extension, your eyes and ears. While doing something like that would take a certain amount of effort, Saurik suggests Google add some protection to Glass that's at least marginally, well, extant (like a PIN unlock, or a sliding camera shield that says to viewers and users alike I'm not recording).

For the full scoop, grab a cup of coffee and head to the source link below. While long, it's a great read for anyone interested.

Source: Saurik

Liam Spradlin
Liam loves Android, design, user experience, and travel. He doesn't love ill-proportioned letter forms, advertisements made entirely of stock photography, and writing biographical snippets.

  • Lou

    Needed Security? Here are some ideas!

    1.) Retina Scanner

    2.) Fingerprint Scanner

    3.) Voice Imprint Scanner

    While the first two are not available on the current hardware mind they are still developer devices. If Google can find their way to implement these systems in the consumer release or a developer 2.0 model I think security would not be much of an issue.

    How come Google did not think of adding these 3 in the first place anyways? Especially a Retina Scanner so that Glass only operates when it can scan the owner's eye to use it. It would have been a perfect security method!

    • http://www.facebook.com/csoulr666 Ahmad Nadeem

      I only thought of a Retina Scanner..LOL
      Saurik's article was actually quite knowledgeable....But we do have to keep in mind that Glass is a newly implemented idea and it will take time to become better

    • Google_Is_The_Higgs_Boson

      I think thats the point of giving testing prototypes to developer... If anyones going to find these issues, its developers... So now Google knows...

    • Ivan Myring

      Why no fingerprint scanner? They exist on some business laptops, and the touch pad could be used for that as well. Or as it has to be tethered to a phone, you unlock the phone and glass is unlocked? Or you press the touch pad a number of times at the correct speed as a lock?

      • http://googleplus.VoluntaryMan.com/ William Thieme

        Taking your phone out is the problem glass fixes. Using your phone to unlock glass defeats much of the purpose.

      • ElfirBFG

        I really enjoyed the fingerprint reader on the Atrix. I don't know why such readers aren't implemented in more devices.

    • Alex

      Finger print scanner is the only thing that seems reasonable. But then that's just added price to the device. I think pin code is simple and it works...

      • Lou

        While a simple pin code could work it has been mentioned plenty of times before that it can be hacked. Think of it this way:

        If someone were to steal your Glass and it was locked using Retina/fingerprint scanner technology it would be nearly impossible for someone to simply grant access to the device and unless they know of a "master hacker" more than likely the Stolen Glass device will not work for anyone making it a $1500 paperweight. A pin code on the other hand would give them a slight chance in being able to unlock due to the fact that it requires nothing special from the owner to unlock. (If you can write your own brute force the pin can be found in a matter of days depending on the length and characters involved.) However bio-locks such as Retina and Fingerprint make it MUCH harder to access. Unless someone wants to try prying out your eye and cutting off your finger to access your glass more than likely no one is going to get access to it but you.

        Remember, Glass is a revolutionary device. Because of so we need revolutionary security for such a revolutionary device!

    • Sven

      Why not something like a swipe pattern? You can tap, swype back and forth on the touchpad und unlook it with a combination.

    • NikhilW

      Retina scanner all the way.. That will be so IronMan-ish awesome! :-)

  • Joshua Barta

    I like the idea of a sliding camera cover... I think something as simple as this would go a long way to alleviate the fears about privacy that so many people seem to have. Greater acceptance of the technology would, in turn, drive more widespread adoption.

    • Mike Reid

      Agreed. But...

      Then someone would create a fake cover with a hole in it, or one that passes partial light.

  • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

    Didn't think I would hear from Saurik again. After I left iOS behind, though he's a huge person on the jailbreak scene over there responsible for Cydia and the Telesphoros project. So I am not surprised he jailbroke Google Glass and it's good to see he has expanded his horizons.

    I will be keeping a firmer eye on Google Glass.

    • blunden

      He did also release a root exploit for Android a while back that worked on multiple phones at the time.

      • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

        Oh yeah, I forgot about Mempodroid.

    • Mike Reid

      Ah, that explains why it says "Jailbroken". No such word in the Android lexicon.

      • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

        Thanks to officially supported sideloading, we have the benefits of running applications outside of Google Play without the compromise of not having them code-signed. Therefore we can avoid jailbreaking and still have freedom. I love the Android life these days.

  • http://www.facebook.com/profile.php?id=1569417452 Tyler Watthanaphand

    still not as bad as leaving SSH credentials as root/apline

  • TheCraiggers

    Thankfully, I'm not like Saurik. The government likely does not have me on some "list" like he probably is from his past exploits. That means I have the luxury of not needing to worry about the FBI seeing my smartphone on the table and doing nefarious things to it when I'm in the bathroom.

    But if I *did* have to worry about this, I'd just be sure to never leave my device anywhere. Going to the bathroom at dinner? Simply take your device with you. As long as there isn't a remote exploit, I feel pretty decent about my devices' security, even when it's unlocked.

    As an aside, it's well understood in the computer security industry that it's nigh-impossible (if not just plain impossible) to keep your server/network secure when the attacker has physical access. These smartphones are no exception to that rule.

  • Owen Finn

    They could blind you in one eye!

  • http://twitter.com/andr3wjacks0n andrew jackson

    Why is this such a big deal? Most android products get rooted.

    • Sir_Brizz

      This isn't a big deal. It's only a big deal because saurik is saying it is, which is a dumb reason to make a big deal out of something.

      • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

        Probably because Saurik did it.

  • Ivan Myring

    Cyanoglassmod!