Last Friday Twitter user @Saurik posted the above image to his account along with this tweet:
As Glass is, according to Google, supposed to be a more closed and secure platform the media had an absolute field day with this. Many Google employees chimed in on various news sites and simply added to the confusion with such eloquent statements like:
“This is not rooting. Nothing is rooted. There is no root here! This is ‘fastboot OEM unlock’.”
Another Google employee commented in another way:
“Yes, Glass is hackable. Duh.”
Luckily Saurik himself took to his website to clear things up with one of the best blog posts I’ve ever seen. I will talk about some of the insights he offered about the security issues that are raised by Glass, along with his root methods. If you have a decent chunk of free time then I recommend you check out his post yourself. Without further ado, let’s get into what this hack means for the future of Glass!
Several statements made by Google soon before Saurik made his post, revealed that Glass would not be nearly as open as the Android OS it was based on. Applications would be served solely through a web based API, and every application would require Google’s stamp of approval, a system oddly reminiscent of Apple’s App Store. While those security measures may seem slightly over the top, it just makes sense to limit access to a brand new type of device that can quite literally see and hear everything you do.
Despite the initial appearance of being a closed system, further examination shows that Google has deliberately left a few back alleys open for aggressive Devs to take advantage of. Debug mode, something which any android modder is rather familiar with, is actually included within the device’s stock software. It doesn’t even require jumping through hoops to access, and it’s conveniently located in plain sight on the settings menu. Just a simple tap can enable it.
For most android devices root is enabled by connecting a device through ADB mode, turning on USB debugging, and unlocking the bootloader -by entering a code like Unlock, or OEM- and finally flashing a rooted image to the device’s ROM. Many people including the Google Employee I quoted above, assumed this was how Saurik was able to root his Glass so quickly. He was, however, unable to do so as Google has not yet released the stock images for Glass’ OS and he didn’t have enough information on the device specs to create a custom Kernel.
So how did Saurik manage to bite into the tasty, tasty root of his device? Why, by taking advantage of an old unpatched exploit of course! Exploits are the second most common method of achieving root, and as Glass is based on android 4.0 Saurik correctly assumed that an old ICS update might do the trick. A Google search revealed that an exploit had been discovered by someone named Bin4ry. Saurik worked a little technical magic and boom, he had root access! Of course, it wasn’t quite that simple but any technical description I could ever give will pale in comparison to Saurick’s. So, if you are curious how it works or want to root Glass yourself, then follow the link provided.
So what does all this mean for you? Probably nothing if you are like me and 99% of the other folks who read this with no beautiful Glass Explorer edition strapped to your face.
Saurik did mention a rather unlikely scenario where someone had a smartphone and a USB OTG cable literally up their sleeve being able to hack into your Glass with this exploit. This does strike me as rather unlikely considering how rare the explorer eddtions are (I would be very surprised if this exploit makes it into the final retail editions.)
The one thing that this discovery might do, is light a fire underneath Google’s rear-end and encourage them to implement some sort of security system on glass. Strangers would not be able to gain access to your device, or send overly nice emails to people you hate, if some sort of security measures were implemented for the Glass system. Sauric also mentions a camera activation indicator would help people discover if their device had been tampered with. I really hope Google does add some external indication of camera usage, as constantly walking past people who may or may not be videotaping you could very well turn you into this. Perhaps even just a blinking LED, or something?
Do Glass’s potential security issues make you nervous? Or do you think the whole issue is overblown? Let us know in the comments down below.