View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Is Google Glass susceptible to Heartbleed?

Millions of Android smartphones and tablets are already vulnerable to the exploit.

By Amy-Jo Crowley

Just days after Google releases its Glass headset to the general public, could Heartbleed, the software bug found in a lot of web servers, affect it?

The vulnerability, first spotted by Google Security and Codenomicon, exists in open source software OpenSSL, which is the standard encryption about two-thirds of websites use to keep your username and password safe.

Laurence Pingree, a research director and analyst of security technologies at Gartner, told CBR since Android uses OpenSSL, Glass will likely be vulnerable.

"The Heartbleed bug is where you can peer into memory on remote systems so if you’re using a Google Glass service that uses encryption, somebody can peer into it at the end of a session or maybe you can grab the keys that are being used to do the encryption."

Ramon T. Llamas, a research manager for mobile phones at IDC, said: "It’s not presently known whether or not Google Glass is vulnerable to Heartblleed. I’ve yet to hear any stories, but that doesn’t mean it is exempt.

"Considering how Android devices have been susceptible to Heartbleed, I wouldn’t count out Google Glass entirely."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

However, Google said all Android versions are safe from the Heartbleed bug except for the Jelly Bean 4.1.1, released in July 2012, and Glass now runs on the Android 4.4 KitKat.

Technology consultant Jay Freeman, also known as Saurik, who hacked into Google Glass last year, told CBR he sees no reasonable ways of Heartbleed affecting Glass in the future.

"Android was only updated to KitKat as of yesterday. Before that version, it was running Android 4.0, which as far as I know predates the deployment of TLS heartbeats, and is thereby immune to this issue. Glass should therefore not be affected, in my understanding," he explained.

He said: "It might affect specific applications that include OpenSSL, but the build of that library included with the operating system on both Android 4.0 and Android 4.4+ is fine."

Llamas added: "The number of Google Glass explorers is still rather small, so even if Heartbleed posed a threat, it’s still a relatively small population for it to affect.

"Considering the long ramp up until formal launch, I’d expect Google to have installed a patch to remedy any possible future threats."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU