Story

Google Glasses: Hacked and being used as zombies

Google Glasses: Espionage, cyber crime and cyber warfare. Recently Google published their awesome Google Glass product. This product will take away the smart phone services and will put them in your Google Glasses. You can command the product by voice so you can easily start services like voice recording, video recording, messaging and the common social media services like Facebook, Twitter and let's not forget the not so famous Google+ network.

But as this is Cyberwarzone we won't be talking about the positive side of the Google Glasses. We are going to show you the dangers that come with the Google Glasses when it comes to cybercrime and cyberwarfare.

First of all to understand the threat you got to know what the Google Glass product is - take a look at the promotion video by Google below: 

Want to see how Glass actually feels? It's surprisingly simple. Say "take a picture" to take a picture. Record what you see, hands free. Even share what you see, live.

Directions are right in front of you. Speak to send a message, or translate your voice. Get the notifications that matter most. Ask whatever's on your mind and get answers without having to ask.

All video footage captured through Glass.

Connected to the internet 

The Google Glass product is connected to the internet - as it is connected to the internet it can function like a node. It can transmit and receive data. Cyber criminals will target the Google Glass as it is an product that will be used globally. It will be online for the most time and it contains valuable information. The picture below shows an "fake" infected Google Glass product. 

The hacked Google Glass host provides the following details: 

  • Host ID
  • IP
  • Infected with
  • E-profile completion 
  • Banking money

Connected to your company

We all love the share information. Google knows this and is using this for the development of their services and the internet as it whole. So when you need specific information - Google will use your query to get a view of what is going to Trend and what won't. Now we are doing this daily by using the Google Search Engine and other services. Cyber criminals are going to use the Google Glass to get specific information about you. Hackers will hack Google Glass! They do not need to use a phishing website to gain your information - all they need is your Google Glass. As showed above the Google Glass will be targeted in the future and the Chinese are always interested in the information you are holding. 

Following the report issued by security firm Mandiant on APT1, the massive cyber espionage campaign allegedly launched by the Chinese military, Symantec has come forward to provide some clarifications, but also to reassure customers that they’re protected against the threat.

The company has released a Q&A in which it details the Comment Crew, the hacker group that’s believed to be behind APT1.

Symantec reports that the spear phishing emails sent by the cybercriminals usually contain attachments entitled something like this:

- ArmyPlansConferenceOnNewGCVSolicitation.pdf 
- Chinese Oil Executive Learning From Experience.doc 
-  My Eight-year In Bank Of America.pdf

The industries targeted by the Comment Crew are IT, finance, energy, aerospace, manufacturing, media, telecoms, transportation and public services. The most targeted countries appear to be the US and India, but pieces of malware used by the Comment Crew have also been spotted in Russia, and other locations. 

Additional details about APT1 and information on what threats are blocked by Symantec products are available here.

So you can ask whatever is on your mind but you don't know who is listening. 

Employees in your company

Espionage will be a lot easier with the help of the Google Glasses. This product will be accepted globally as a safe product and it won't be seen as a spy tool like the famous spy glasses and watches. This means when someone in the company is using the Google Glasses he won't be seen as suspicious - but at the same time he could be streaming detailed information from your company to your (future) competitor

A list of possible hacks

  1. GPS hack (providing wrong directions)
  2. DNS hack (providing wrong databases and information)
  3. Remote Administration options
    3.1 Start Glasscam
    3.2 Start Glassvoice recorder
    3.3 Purchase malicious goods
    3.4 etc etc. 
  4. Obtain hidden information
  5. Obtain personal information
  6. Obtain classified information
  7. Infect with Trojan
  8. Use the product as a zombie in a botnet


Disclaimer: The Google Glass product is awesome and we can't wait till we get our hands on it. 


The security field will adopt to this threat and will create protocols for it but how long will it take before people start the threat that comes with these smart devices that hold personal information?