View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Is Google Glass susceptible to Heartbleed?

Millions of Android smartphones and tablets are already vulnerable to the exploit.

By

Just days after Google releases its Glass headset to the general public, could Heartbleed, the software bug found in a lot of web servers, affect it?

The vulnerability, first spotted by Google Security and Codenomicon, exists in open source software OpenSSL, which is the standard encryption about two-thirds of websites use to keep your username and password safe.

Laurence Pingree, a research director and analyst of security technologies at Gartner, told CBR since Android uses OpenSSL, Glass will likely be vulnerable.

"The Heartbleed bug is where you can peer into memory on remote systems so if you’re using a Google Glass service that uses encryption, somebody can peer into it at the end of a session or maybe you can grab the keys that are being used to do the encryption."

Ramon T. Llamas, a research manager for mobile phones at IDC, said: "It’s not presently known whether or not Google Glass is vulnerable to Heartblleed. I’ve yet to hear any stories, but that doesn’t mean it is exempt.

"Considering how Android devices have been susceptible to Heartbleed, I wouldn’t count out Google Glass entirely."

Content from our partners
How the retail sector can take firm steps to counter cyberattacks
How to combat the rise in cyberattacks
Why email is still the number one threat vector

However, Google said all Android versions are safe from the Heartbleed bug except for the Jelly Bean 4.1.1, released in July 2012, and Glass now runs on the Android 4.4 KitKat.

Technology consultant Jay Freeman, also known as Saurik, who hacked into Google Glass last year, told CBR he sees no reasonable ways of Heartbleed affecting Glass in the future.

"Android was only updated to KitKat as of yesterday. Before that version, it was running Android 4.0, which as far as I know predates the deployment of TLS heartbeats, and is thereby immune to this issue. Glass should therefore not be affected, in my understanding," he explained.

He said: "It might affect specific applications that include OpenSSL, but the build of that library included with the operating system on both Android 4.0 and Android 4.4+ is fine."

Llamas added: "The number of Google Glass explorers is still rather small, so even if Heartbleed posed a threat, it’s still a relatively small population for it to affect.

"Considering the long ramp up until formal launch, I’d expect Google to have installed a patch to remedy any possible future threats."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU