With a name like Glass, it was just asking to be cracked.
Just days after its release to developers, Google’s Glass headset has already been hacked to give users full control of its Android operating system, according to Jay Freeman, a well-known Android and iOS developer who tested a known exploit for Android on Glass yesterday and announced his success on Twitter Friday afternoon. The “root” or “jailbreak” technique Freeman found would potentially remove any restrictions Google might place on Glass, though it’s not yet clear exactly what those restrictions might be in consumer versions of the device.
Freeman, who goes by the hacker handle “Saurik” and created the widely-used app store for jailbroken iOS devices known as Cydia, told me in a phone interview that he discovered yesterday that Glass runs Android 4.0.4, and immediately began testing previously-known exploits that worked on that version of Google’s mobile operating system. Within hours, he found that he could use an exploit released last year by a hacker who goes by the name B1nary to gain full control of Glass’s operating system.
“It took me two hours while I was having dinner with friends at the time,” Freeman wrote to me. “The implementation from B1nary is for normal Android tablets and phones, I learned how it worked and then did the same thing on Glass…which was quite simple.”
Freeman, who obtained his Glass unit through a program for developers, says he’s not exactly sure yet what gaining root access to Glass might make possible. (He says he hasn’t been able to use his much due to his own eyeglasses prescription, which has made focusing on the device’s display painful for more than a few minutes at a time.) But he speculates that jailbreaking Glass could make it possible to store data locally on the device or on a Bluetooth-linked phone, rather than upload it automatically to Google’s servers, a measure that some privacy-conscious users may appreciate.
Freeman says he was able to hack Glass using the device’s debug mode and a flaw in its backup function that tricks the device into thinking it’s running as an emulation on a developer’s machine. As he described it to me:
You take a backup from the device, modify the backup, and then restore the modified backup to the device. While the backup is restoring, you make a change to the data being restored that redirects the data being restored to overwrite a critical configuration file. This makes the device think that it is not running on real hardware: you make it think it is instead running on the emulator used by Android developers to test their software on desktop/laptop computers. As the emulator is designed for developers, it has full control and gives you “root”.
Freeman isn’t the only hacker tinkering with Glass. Another developer named Liam McLoughlin had already achieved root access to Glass the day before, according to the blog 9to5Google.
It’s not yet clear whether the exploits Freeman and McLoughlin used will work on consumer versions of Glass rather than developer versions. Freeman says that he spoke with a Google employee who was surprised that Freeman’s device had debug mode enabled, and commented that he thought it had been taken out of the latest version.
Unlike Apple, however, Google has long taken a friendly approach to those who hack its mobile devices, even allowing users and OEMs to root its devices with sanctioned methods. I’ve reached out to Google for comment on whether and how it will respond to developers hacking its new headset ahead of Glass’s 2014 release, and I’ll update this post if I learn more.
This much is clear: If Google does intend to keep a tight lock on Glass, it’s already a step behind the hackers who want to unlock it.