Privacy expectations have been evolving or changing for several years. As younger generations become more comfortable sharing personal information with less expectation that it will remain private, it’s no secret that our online privacy expectations are fading fast.
But the shocking claims reported by CNN Money that Google Glass wearers can allegedly steal pretty much everything, including your bank account details, credit card account, or even your Social Security number is reigniting the debate about our collective privacy expectations.
CNN pointed out that security researchers at the University of Massachusetts in Lowell have created software “that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode.”
Although Google has officially said its product is not a surveillance device, cyber forensics expert Xinwen Fu explains all a hacker needs to see is your finger moving across your mobile device.
“Google Glass is on your head, so it’s easy to adjust angle. What if you’re using mobile banking? We can steal your bank account password,” says Fu.
Fu and his research team – who will present more of these details next month at the Black Hat cybersecurity conference – says the major vulnerability is that keys are always in the same place on the keyboard.
Fu and his students tested out a few products: they used Google Glass to spot a four-digit PIN from three meters away with 83% accuracy; webcam video revealed the code with 92% accuracy; and the iPhone’s camera caught the passcode nearly 100%.
We know that Google Glass can be used to abuse data — but it can also be used to protect data. There’s been developments – and not entirely unsurprising in the wild frontier of mobile app technology – of a “futuristic” app for Google Glass to add an extra layer of privacy for users withdrawing cash from ATM machines. It displays a one-time personal identification number that only the Glass user can see. In other words, watching users enter a PIN is useless, as it changes each time.
The system is called Ubic and displays the PIN as a QR code, and no one is able to spy on the PIN. The system is more secure than sending new PINs to smartphones, which can be spied on by hackers.
Your Privacy and Google’s Goals
Above and beyond the consumer safety issues inherent in wearing Google Glass are the broader questions — does Google Glass comply with privacy laws, what about the “right to be forgotten,” and how does Google intend to use the information collected?
Remember, Google Glass does not just allow the wearer to record and observe other people. All of the data captured by Glass, including photos, videos, audio, location data, and other sensitive personal information, is stored on Google’s cloud servers. That means Google “owns” all of that data, much as it has admitted to scanning the contents of Gmail accounts for targeted advertising purposes.
Another cutting-edge development is a new patent application for technology that shields users from nearby video cameras. The patent describes how the technology would essentially “blur” the images of people and possibly deter overall video surveillance – or is that simply an impossible ideal in our modern world?