Metasploit, a popular vulnerability testing framework, added a new test module that would allow users to test how vulnerable some versions of the Android browser are to being hacked from shell access, and that’s when this exploit was found in Glass. The exploit would involve a man-in-the-middle hijacking that WebView instance, which wouldn’t be too difficult to do if you’re on a public WiFi or anything that isn’t well secured. At that point, the malicious code could do anything from taking photos with your device to remotely turning on your microphone. Definitely not a good thing.
Right now, I don’t think you can really fault Google too much for this. In fact, the whole point of the Glass Explorer program is to get people busy finding serious bugs like this before Glass is released to the public. I’d expect to have this issue resolved long before Google Glass is officially hitting store shelves.
source: Dave Slocombe
via: Android Authority