Cyber espionage by Google Glass is the next major security threat

googleglass

(Computing) For many, Google Glass and other wearable devices might appear to be the latest overhyped fad.

However, when smartphones first arrived, few would have suspected they’d become such an integral part of working life in the modern enterprise. The same could be said for tablets, which are seeing more applications added to match demand for enterprise use – Microsoft Word for Apple’s iPad being a notable example.

Businesses would therefore be wise to harness the potential benefits offered by Google Glass, but they should also be wary, because if one pattern has repeated itself when it comes to new technology, it’s that it isn’t long before hackers and cyber criminals target it as a means of gaining access to an organisation’s IT infrastructure.

The message is therefore clear, Google Glass represents the next major threat to enterprise security, with the ability of the wearable device to record video – be the user aware it’s recording or not – capable of being used for cyber espionage and data theft.

“I think many of the main concerns you’d see with carrying your mobile into a site and leaving it on so you could record what’s happening, you’re having the same situation with Google Glass, it’s just the form factor makes it easier to actually get away with doing that,” Earl Perkins, research vice president in systems security and risk at Gartner, toldComputing.

He also suggested fear of Google Glass-wearing spies could lead to a rise in physical security at organisations keen to hide sensitive data.

“You’re going to see a big influx in physical security decisions that will be running concurrently with wearable technology decisions,” said Perkins.

“You’re going to have to beef your security practices up, leading to a renaissance in physical security. That means we’regoing to beef up a lot of what we used to do around perimeter protection, access control to buildings, facilities management even, places where you’re going to attempt to sense wearable technologies.” . . . (read more)

Protecting Data Against Wearable Technology Risks (Security)

Many tech giants have recently made a big push in wearable items – from watches with integrated cellphones, to smart glasses that can record what we see in day-to-day life. Yet, many of these seemingly harmless items are raising security concerns.

Paul Martini, co-founder and CEO of iboss, says that it’s through a device’s ability to interact with the outside world that those security concerns come into place.

“For example, if Google Glass did not have the ability to record video, there would be no worry that sensitive data within an organization could be recorded and lost,” he says.

“If a smart watch did not have a microphone, there would be no worry that confidential information could be audio-recorded and transferred outside the network. So, by looking at these devices’ abilities to interact with the analog world around them, we can begin to assess the challenges of applying appropriate security measures to protect valuable assets and information.”

In addition to a device’s ability to obtain data, we need to look at storing and transferring data, Martini says.

“This is the difference between the original calculator and Samsung’s Galaxy Gear smart watch. Whereas the calculator watch had the ability to sum and multiply numbers, it didn’t have the ability to transfer and in most cases store the information.

“In contrast, the Galaxy Gear watch sends and receives text messages, makes phone calls and stores voice recordings. Fundamentally, these watches have the ability to both store and transfer data. This is the second critical piece that makes today’s wearable technology like this a security concern for business. Although the data being stored may be harmless, it does not discriminate about the type of data being stored or transferred. The data could be sensitive, violating one of many privacy laws such as HIPAA, or be the company’s Intellectual Property. The ability to store and transfer data is where the problem resides.” . . .

Google Glass: Possible Password Stealing Threat? (Phirelite)

. . . Recent research done at the University of Massachusetts Lowell has shown that wearers of Google Glass, wearable augmented-reality computing eyewear, have the ability to crack 90% of smartphone pins from up to ten feet away when using video recognition software.

This software, developed by the researchers, allows devices to track shadows cast by finger taps, so the thief does not even need to be over your shoulder to steal a passcode. The researchers found that even with an 8-digit PIN, there was a 73% success rate of capturing it. . . .

Beware of wearables (Advisen)

. . . New technologies frequently produce new risks and new regulatory issues. Few new technologies, however, result in as complex a risk conundrum as the emerging area of wearable computing devices.

Google Glass is perhaps the best known of this new breed of wearable technology, which also includes “smartwatches” and various types of sensing devices that can be strapped on your body or embedded in clothing. Google Glass is a lightweight wearable computer that offers smartphone-type functionality operated by voice commands, with information shown unobtrusively via a tiny head-mounted display.

Samsung, Sony, Pebble and Casio already offer smartwatches, but Apple’s soon-to-be-released iWatch is widely expected to define the market for this type of wearable device. . . .For corporate IT and information security professionals, wearables represent one more threat vector to contend with. As business uses of wearables emerge, BYOD policies will need to be extended to account for the specific risks posed by these devices.. . . .

More DICE Posts