If you have not yet heard of Google Glass, you haven’t been watching TV or reading tech bytes very often lately. People who wear Google Glass are not supposed to be rude or otherwise unsociable, but it does happen.
Since “Glassholes” (those who don’t use Google Glass for the purposes for which it was intended) do exist, it may not be long before forensic examiners can pull digital data from Google Glass, to prove guilt or innocence.
A digital forensics student, Julie Desautels, who attends Champlain College, has been researching the forensics of Google Glass since mid-2013. She has published “A Forensic Examiner’s Guide to Google Glass.” It explains how digital evidence can be pulled from Google Glass.
There is no advice from Google on Explorers (wearers) regarding not using Glass when they are driving. It may have been overlooked, or perhaps Google doesn’t see a problem there. However, a woman recently was stopped for speeding, while wearing Glass.
Cecilia Abadie retained an attorney, who argued that driving with Glass is acceptable if it is not turned on. With this information, a judge in California dismissed the mobile device charges. There was simply not enough concrete evidence to prove that the Glass was on and being used while she was driving.
That reason is not of use anymore, since Hacking Exposed, a computer forensics blog, stated that research could determine whether Glass is on or not when someone is driving. Google Glass has a battery level and event logs that will indicate whether it was on or not at any specific time. So, data can be retrieved from Google Glass, and this could encroach on your privacy if you wear Glass.
Google gives users details and other instructions for rooting Glass, but the Champlain College study shows that there is a difference between an un-rooted and rooted Glass, when imaged with Shattered Script and Cellebrite.
Cellebrite is a useful forensic tool for cellular devices, and it can extract all data – even erased data – from mobile devices in less than two minutes. Formerly, if an Android phone was locked, it had to be unlocked before its content could be read by Cellebrite. Law enforcement would have to ask Google to reset the device and give them the password.
Julie Desautels takes the study of digital forensics further, by showing the way to access voice commands from a Glass Explorer. Google routinely stores users’ voice commands, and other background noise and talking can also be heard on these audio clips. If the command recorded instructed the Glass to take a photo, there is an audio file of the command and a photo. The photo has the date and time stamped on it. Even if a user deletes the photo, the audio clip remains.
For Glass Explorers who use their Glass for Google searches, Desautels discovered that searches in the timeline and stamped with the time. This tells a forensics specialist where to find the web search history and cookies. From her research, Desautels also found that multiple time stamps can be located for whatever term was said when the user asked the Glass to search on Google.
A forensic examiner can determine whether Google Glass is turned off or on, and whether it is being used when it is on. If an Explorer tells Glass to take a picture, then evidence of the picture artifacts remain, even after the photo is deleted.
Google Glass forensic evidence could make or break cases someday. Glass users may find that the information stored could be used against them, just as chats, calls and texts are saved and used as incriminating evidence now.
If you have concerns about data security in your business from Google Glass, or any other types of new technology, social network, or business tools, we can help. Ask us today about a security audit for your business, or for specific recommendations that can help protect your business data.