Cyber espionage by Google Glass is the next major threat to enterprise security

By Danny Palmer
23 Jul 2014 View Comments
Google Glass

For many, Google Glass and other wearable devices might appear to be the latest overhyped fad.

However, when smartphones first arrived, few would have suspected they'd become such an integral part of working life in the modern enterprise. The same could be said for tablets, which are seeing more applications added to match demand for enterprise use - Microsoft Word for Apple's iPad being a notable example.

Further reading

Businesses would therefore be wise to harness the potential benefits offered by Google Glass, but they should also be wary, because if one pattern has repeated itself when it comes to new technology, it’s that it isn’t long before hackers and cyber criminals target it as a means of gaining access to an organisation’s IT infrastructure.

The message is therefore clear, Google Glass represents the next major threat to enterprise security, with the ability of the wearable device to record video – be the user aware it’s recording or not – capable of being used for cyber espionage and data theft.

“I think many of the main concerns you’d see with carrying your mobile into a site and leaving it on so you could record what’s happening, you’re having the same situation with Google Glass, it’s just the form factor makes it easier to actually get away with doing that,” Earl Perkins, research vice president in systems security and risk at Gartner, told Computing.

He also suggested fear of Google Glass-wearing spies could lead to a rise in physical security at organisations keen to hide sensitive data.

“You’re going to see a big influx in physical security decisions that will be running concurrently with wearable technology decisions,” said Perkins.

“You’re going to have to beef your security practices up, leading to a renaissance in physical security. That means we’re going to beef up a lot of what we used to do around perimeter protection, access control to buildings, facilities management even, places where you’re going to attempt to sense wearable technologies.”

But many businesses won’t want to entirely ban Google Glass from their premises; indeed organisations including Virgin Atlantic and Dubai Police have already adopted the technology after successful trials. So what are the potential dangers facing such firms?

“It’s a risk, it’s another attack vector, it’s another way of hacking in. It’s another piece of connected data processing that I’m carrying around, which just means it’s another type of device which could potentially be hacked into,” Dr Siraj Ahmed Shaikh, reader in cyber security and leader of the digital security and forensics research group at Coventry University, told Computing.

“I’m sure some interesting scenarios will emerge in terms of hacking it or security,” he added.

Dr Shaikh suggested that much like how smartphones are currently exploited as a security weak point by cyber criminals, it’s inevitable that an organisation will suffer a security breach involving Google Glass.

“Things will happen, it’s sod’s law. What can go wrong will go wrong,” he said.

It’s a view shared by Orlando Scott-Cowley, security specialist at Mimecast, who also believes cyber criminals will look to exploit Google Glass in a similar fashion to how smartphones have been targeted.

“I’m sure at some point we’ll see the same focus of attack on Google Glass just like we saw attacks on phones,” he said. “There will be some kind of weakness that someone will find and they’ll record something or see something – something will happen.”

Scott-Cowley added that using technology for cyber espionage isn’t a new idea, but Google Glass represents “a more covert way of recording data”, which is there to be exploited.

But while there are those who’ll actively wear Google Glass in order to attempt cyber espionage, Gartner’s Perkins suggested it’s entirely possible the wearer could see their device hacked and therefore be completely unaware that they’re recording footage and sending it straight to the hard drives of cyber thieves.

“You would have to know and understand how to access Google Glass remotely, there are ways to be able to authenticate yourself as a Google Glass user, and it would require a suitable level of sophistication to let it take place.

“But could you take control of Google Glass and unbeknown to the user, record something that they’re looking at? The answer is yes,” he said.

Reader comments
blog comments powered by Disqus
Newsletters
Is it time to open Windows?

Computing believes that Microsoft will start offering Windows free of charge by 2017. Is this a good thing for the enterprise?

55 %
16 %
6 %
20 %
3 %