Just days after Google released its Glass headset to the general public, could Heartbleed, the software bug found in a lot of web servers, affect it?
The vulnerability, first spotted by Google Security and Codenomicon, exists in the open source software OpenSSL, which provides the standard encryption about two-thirds of websites use to keep your username and password safe.
Laurence Pingree, a research director and analyst of security technologies at Gartner, told CBR that, since Android uses OpenSSL, Glass will likely be vulnerable.
"The Heartbleed bug is where you can peer into memory on remote systems so if you’re using a Google Glass service that uses encryption, somebody can peer into it at the end of a session or maybe you can grab the keys that are being used to do the encryption."
Ramon T. Llamas, a research manager for mobile phones at IDC, said: "It’s not presently known whether or not Google Glass is vulnerable to Heartbleed. I’ve yet to hear any stories, but that doesn’t mean it is exempt.
"Considering how Android devices have been susceptible to Heartbleed, I wouldn’t count out Google Glass entirely."
However, Google said all Android versions are safe from the Heartbleed bug except for Jelly Bean 4.1.1, released in July 2012, and Glass now runs on Android 4.4 KitKat.
Technology consultant Jay Freeman, also known as Saurik, who hacked into Google Glass last year, told CBR he sees no reasonable way for Heartbleed to affect Glass in the future.
"Android was only updated to KitKat as of yesterday. Before that version, it was running Android 4.0, which as far as I know predates the deployment of TLS heartbeats, and is thereby immune to this issue. Glass should therefore not be affected, in my understanding," he explained.
He said: "It might affect specific applications that include OpenSSL, but the build of that library included with the operating system on both Android 4.0 and Android 4.4+ is fine."
Llamas added: "The number of Google Glass explorers is still rather small, so even if Heartbleed posed a threat, it’s still a relatively small population for it to affect.
"Considering the long ramp up until formal launch, I’d expect Google to have installed a patch to remedy any possible future threats."