Google Glass wearers could be exposed to jailbreaking techniques, which would allow hackers to gain full access of the headset’s operating system.
"If you jailbreak a device you then run everything as the administrative user versus just a standard user, which gives you a much wider access to the underlining hardware and software characteristics of the platform," explained Lawrence Pingree, a research director and analyst of security technologies at Gartner.
He told CBR: "If you go to a meeting wearing your Google Glass, and a hacker jail breaks a device and malware happens to get on the device, it brings a whole new level to spying."
Jay Freeman, a technology consultant, also known as Saurik, already used an exploit in Android, developed by a hacker called Bin4ry, to gain root access into a version of Google Glass in 2013.
"Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head," he wrote in a blog.
"A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do."
Security researchers from California Polytechnic San Luis Obispo created an application for Google Glass called Malnotes that has the capability to convert the specs into a spy camera.
Like note-taking software, the Malnotes app takes a picture every 10 seconds a Glass display is active without the wearer knowing, before uploading the information to a remote server.
Mike Lady and Kim Patterson, who built the software, said the prototype was written to highlight that hackers could potentially spy on wearers.
Patterson told Forbes: "The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it."
The researchers reportedly were successful in uploading Malnotes to the Google Play Store, though it was quickly removed after the news broke. However, this would not prevent Google Glass users from loading the rogue app from a third-party website for example.
"As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us," said Patterson.
3. QR Codes
Lookout Mobile Security found a critical vulnerability that could have allowed hackers to take control of Glass by showing it QR codes.
With this knowledge, the security firm created malicious QR codes that could force Google Glass to connect to a Wi-Fi access point, allowing hackers to read all the data flowing to and from the headset.
"We analysed how to make QR codes based on configuration instructions and produced our own ‘malicious’ QR codes," principal security researcher Marc Rogers said in a blog post.
"When photographed by an unsuspecting Glass user, the code forced Glass to connect silently to a ‘hostile’ WiFi access point that we controlled," he wrote.
"That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud."
4. Wi-Fi Pineapple
Symantec found another Wi-Fi network problem, which has been a long-known weakness in wireless networking.
The security firm said for as little as $100, a hacker could buy another Wi-Fi access point with the same name that a wearer has connected before with to trick them into using it.
If a mobile device such as Google Glass looks for a known network with the SSID of "myPrivateWiFi," a device called Wi-Fi Pineapple can respond, pretending it is the network.
Once it has tricked a Wi-Fi device into thinking it is the legitimate network, it can then spy on the data traffic or redirect the user to malicious sites.
The issue, however, isn’t exclusive to Google Glass and could affect any device used.
Blaine Bublitz from coding company IcedDev showed off his Google Glass-controlled drone at International Nodebots Day last year, which he managed to control by moving his head.
Bublitz said he has to make some improvements in order to make it work better.
"Turns out that I was driving the drone at full speed in each direction I tilted my head. I should have had the speed at about 0.3 instead of 1," he said in his blog.
"Lesson learned. I would have also liked to add the ability to rotate the drone left and right based on the Glass’ azimuth value, but I guess that will have to be in the future."