The malware, designed by Mike Lady, 22, and Kim Paterson, 24, is disguised as note-taking software. It takes and uploads a photo every 10 seconds when the display is off, without giving the user any indication that it's doing so.
"The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it," Paterson told Forbes. "As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us."
While the app probably wouldn't make it onto Google's MyGlass app store, Paterson says that wouldn't keep it from spreading in today's environment. "A lot of Glass developers are just hosting their apps from sites just to let other people try it," she said. "It's sort of a wild-west atmosphere, since very few apps are being released through the MyGlass store."
While Google initially responded to the announcement by accusing the students of violating Glass developer terms, a company spokesperson later told Forbes, "One goal of the Explorer program is to get Glass in the hands of developers so they can hack together features and discover security exploits. We value this kind of security research and feel badly if we came across as overly forceful to the grad students at Cal Poly. All of this work ultimately contributes to making Glass a better and more secure product ahead of a wider consumer launch."
Photo courtesy of Shutterstock.