Hacker tells Google how to secure Glass

The Google response was that rooting wasn’t necessary since the company had left the front door open (although, in reality, they only thought they had). But in fact Google’s executive chairman Eric Schmidt had announced only the day before that the company had decided that it will pre-approve all apps offered to Glass users. “It’s so new, we decided to be more cautious,” he said, painting a picture more like Apple’s walled garden than standard Android. It all amounts to a confusion in the ranks that doesn’t portend a secure device.

Now, in a lengthy and detailed posting, saurik (Jay Freeman) has explained what he did, how he did it, and what he’s learned about Glass.

The operating system used by Glass is a cut-down version of Android. One of the features of Android is that it is ‘open’; that is, the bootloader can be unlocked to allow an alternative or modified operating system to be booted. Freeman didn’t use this feature, and explains that he doesn’t recommend its use by others. Instead, he looked for an Android exploit that might work on Glass, and found an unnamed Android exploit implemented by a hacker known as Bin4ry.

“The way it works is, humorously to me,” he explains, “somewhat similar to one of the first stages of the evasi0n exploit used to jailbreak iOS 6: it involves something called a ‘symlink traversal’ that can be triggered while restoring a backup to the device.”
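The defensive counterpart of the technique Freeman describes is a restore routine that refuses to trust the contents of a backup archive. The following is an added illustration, not code from Google, saurik, or Bin4ry, and it does not reproduce the exploit: it validates every entry of a tar-format backup before anything is written, rejecting link entries, absolute or `..` paths, and any path that resolves outside the restore root (which also catches a directory under the destination that is already a symlink). The archive it inspects is constructed in memory for the demonstration; the `/system` link target and file names are invented sample values.

```python
"""Hardened restore of a backup archive that refuses symlink traversal.

Added illustration (not the page's or any vendor's code): a backup restore
that validates each archive entry before touching the filesystem. The sample
archive is constructed inline so the module runs offline.
"""
import io
import os
import tarfile
from typing import Dict, List, Optional, Tuple


def validate_member(member: tarfile.TarInfo, dest_root: str) -> Optional[str]:
    """Return None if the entry is safe to restore, else a rejection reason."""
    name = member.name
    # Link entries are the primitive behind symlink traversal: a link that
    # points outside the restore root turns a later write into an overwrite
    # of an arbitrary file. A backup format can simply refuse to carry them.
    if member.issym() or member.islnk():
        return "link entry"
    if member.isdev() or member.isfifo():
        return "device or fifo entry"
    # Absolute paths and '..' components escape the restore root directly.
    if os.path.isabs(name) or ".." in name.split("/"):
        return "path traversal"
    # A clean-looking relative path can still escape if a directory already
    # present under dest_root is itself a symlink; resolve and re-check.
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(dest_root, name))
    if os.path.commonpath([root, target]) != root:
        return "resolved path escapes restore root"
    return None


def safe_restore(archive_bytes: bytes, dest_root: str,
                 write: bool = False) -> Tuple[List[str], Dict[str, str]]:
    """Classify (and optionally extract) every entry of a tar backup.

    Returns (accepted, rejected); rejected maps entry name -> reason.
    With write=False nothing is written, which is how the demo below runs.
    """
    accepted: List[str] = []
    rejected: Dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            reason = validate_member(member, dest_root)
            if reason is not None:
                rejected[member.name] = reason
                continue
            accepted.append(member.name)
            if write and (member.isfile() or member.isdir()):
                # Only plain files and directories ever reach the disk.
                tar.extract(member, path=dest_root, set_attrs=False)
    return accepted, rejected


def build_demo_archive() -> bytes:
    """Constructed sample backup: one honest file, one symlink, one '..' path."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello from a legitimate backup\n"
        good = tarfile.TarInfo("data/settings.txt")
        good.size = len(data)
        tar.addfile(good, io.BytesIO(data))

        # Symlink entry aimed at a system location (invented sample target).
        link = tarfile.TarInfo("data/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "/system"
        tar.addfile(link)

        # Classic '..' traversal entry.
        stray = tarfile.TarInfo("../outside.txt")
        stray.size = 0
        tar.addfile(stray, io.BytesIO(b""))
    return buf.getvalue()


if __name__ == "__main__":
    acc, rej = safe_restore(build_demo_archive(), "/tmp/restore-demo")
    print("accepted:", acc)
    print("rejected:", rej)
```

Running the module classifies the constructed archive without writing anything: the settings file is accepted, the symlink and the `..` entry are rejected with their reasons. The realpath check is the part most restore code omits; rejecting links in the archive is not enough if the destination tree can already contain one.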

Why do this if you can simply unlock the bootloader? Well, it’s not known how the release version of Glass will operate, but the bootloader on current Android devices records whether it is locked, unlocked, or has ever been unlocked – presumably because unlocking voids the manufacturer’s warranty, and this flag confirms whether the warranty has been voided by the user. The problem is that in its unlocked state, the device is completely insecure. “You have no way to be confident,” says Freeman, “that your operating system hasn’t been modified by someone while outside of your control.”

While Android user data is often protected, the Android system software is unencrypted and can be modified. “This means that if you leave your device in someone else’s hands, and it has an unlocked bootloader, with just a minute alone they can access anything you have stored on it... They can even leave software that allows them to remotely access it at any time, getting your location or even taking pictures.” If the user never unlocks the device, then there is at least some confirmation that the operating system has not been modified.

One problem with the current implementation of Glass, says Freeman, is that it is not PIN-protected. This, he suggests, makes Glass eminently hackable; and a bugged Glass is more worrying than a bugged computer – it sees everything the user sees, and hears everything the user hears. “The only thing it doesn’t know are your thoughts,” says Freeman.

He offers two particular suggestions to improve Google Glass security. The first would be automatic protection whenever the device is not being worn (while it is on the wearer’s face it is relatively safe). “It might be possible to use some kind of eye-based biometric. Another option is a voiceprint,” he suggested. The second suggestion is that Google “should provide some way for the user to feel confident in a given situation that the device could not possibly be recording.” He put forth the idea of a small sliding shield to cover the camera.

Referring back to the confusion over whether Glass is open or walled, he also warned Google that it needs to get its Glass house in order. “The doors that Google is attempting to open with Glass are simply too large, and the effects too wide-reaching, for these kinds of off-the-cuff statements to be allowed to dominate the discussion.”
