Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk.
# Best Practices: Smart Glasses Privacy & Security
## Overview
Smart glasses integrate cameras, microphones, and AI-driven facial recognition into everyday eyewear. These practices address the dual-threat landscape: protecting the wearer from device exploitation and protecting bystanders from surreptitious data collection, "shoulder surfing," and unauthorized identity mapping.
## Key Recommendations
### Immediate Actions
1. **Harden Authentication:** Enable Multi-Factor Authentication (MFA) and strong, unique passwords for the companion smartphone app.
2. **Toggle Privacy Settings:** Opt out of "AI Training" and "Human Review" in the device settings to prevent recordings from being accessed by contractors or used for model training.
3. **Physical Shuttering:** Place glasses in a protective case when not in use to physically block lens/microphone capture.
4. **Awareness (Bystanders):** Recognize the indicators of active recording—typically a pulsing or flashing LED light on the frame.
### Short-term Improvements (1-3 months)
1. **Data Hygiene:** Establish a monthly schedule to audit and delete stored recordings and transcripts from the companion app and cloud storage.
2. **Connection Security:** Configure devices to "Forget" public Wi-Fi networks and ensure a VPN is active if a public hotspot must be used.
3. **Update Management:** Enable automatic firmware updates for the glasses and the companion app to patch vulnerabilities that could allow remote eavesdropping.
### Long-term Strategy (3+ months)
1. **Behavioral Adaptation:** Train wearers to consciously look away or remove glasses when interacting with sensitive data (e.g., typing PINs at ATMs, viewing bank statements, or entering passwords).
2. **Privacy Advocacy:** Monitor regulatory developments regarding "Name Tag" or facial recognition features to adjust usage policies based on current legal and safety standards.
## Implementation Guidance
### For Small Organizations
- **Policy Definition:** Create a simple "Acceptable Use Policy" (AUP) that prohibits smart glasses in private areas (e.g., restrooms, changing rooms).
- **Basic Training:** Educate employees on the risks of "shoulder surfing" and the importance of updated firmware.
### For Medium Organizations
- **BYOD Integration:** Include smart glasses in Bring Your Own Device (BYOD) policies, mandating MFA and prohibiting the use of company credentials on the companion app.
- **Physical Security:** Post signage in sensitive areas (e.g., HR offices, server rooms) explicitly banning recording-capable eyewear.
### For Large Enterprises
- **MDM Deployment:** Use Mobile Device Management (MDM) to ensure the companion apps on corporate phones meet security baseline configurations.
- **Vendor Risk Assessment:** Evaluate the privacy policies of smart glasses manufacturers (Meta, Google, Amazon) before permitting their use for corporate tasks.
- **Advanced Training:** Conduct simulations on how smart glasses can be used by malicious actors for corporate espionage or credential harvesting.
## Configuration Examples
* **Privacy Opt-Out:** Navigate to `Settings > Privacy > Data Use` and disable "Improve AI" to stop human review of clips.
* **Voice Control:** Set the "Wake Word" (e.g., "Hey Meta") to be less sensitive or disable it entirely, requiring a physical button press to trigger recording.
* **Device Locking:** Within the companion app, enable "App Lock" via biometrics (FaceID/Fingerprint) to prevent unauthorized access to synced footage if the phone is lost.
## Compliance Alignment
- **NIST Cybersecurity Framework:** Relates to **Protect (PR.AC)** for identity management and **Protect (PR.PT)** for maintenance.
- **ISO/IEC 27001:** Relevant to **Annex A.8.1** (User responsibilities) and **A.14.2** (Security in development/support).
- **GDPR:** Addresses the "Informed Consent" and "Data Minimization" principles regarding the recording of third parties in public/private spaces.
## Common Pitfalls to Avoid
- **Visual Camouflage:** Assuming bystanders know you are recording; the LED light is often too small to be noticed in bright light.
- **App Over-Permissioning:** Granting the companion app access to your entire contact list or photo library when not strictly necessary.
- **The "Case-Free" Habit:** Leaving glasses on a table or around the neck where they can still capture audio/video accidentally.
## Resources
- **ESET WeLiveSecurity:** [welivesecurity[.]com]
- **Privacy Policy Reviews:** [techcrunch[.]com]
- **VPN Selection Guidelines:** [welivesecurity[.]com/en/privacy/buying-vpn-what-know-look-for/]