Despite being anything other than mainstream, Google Glass has already become controversial and divisive. Non-wearers have expressed concerns over privacy and early adopters have already experienced legal issues. One early wearer even claims to have been attacked after donning the device in a San Francisco bar.

More concerning though is the possibility that the device could be hacked into by a third party. While it is comforting to think that most users have enough common sense not to be “glassholes” by spying on other people and recording them, it would certainly be an issue if Google Glass could be accessed by someone other than the wearer.

Now, two graduate researchers from the California Polytechnic San Luis Obispo are claiming that they have built what could very well be the first proof-of-concept spyware for Google’s eyepiece.

According to a Forbes report, Mike Lady and Kim Paterson have created an application for Google Glass that can spy on everything the user is looking at without their knowledge.

Their app can secretly take a photo every ten seconds, even if the Glass display is off. The captured images are then uploaded to a remote server without giving the wearer any indication that their vision is being remotely viewed.

Of course no-one in their right mind would install spyware willingly so the duo disguised their app as a note-taking software which they called Malnotes.

Whilst Google’s developer terms of service explicitly prohibits the taking of photos when the display is switched off, the researchers discovered that wasn’t a barrier, as reported by Forbes reporter Andy Greenberg:

“Though Google’s developer terms of service for Glass specifically ban apps that take photos while the device’s display is off, Paterson and Lady discovered that there were no real security prohibitions against that trick. Over the course of my short video interview with the pair, Lady’s Glass headset running Malnotes uploaded more than 150 snapshots of his vision with no signal for either him or me.”

Researcher Kim Paterson added that:

“The scary thing for us is that while it’s a policy that you can’t turn off the display when you use the camera, there’s nothing that actually prevents you from doing it. As someone who owns Glass and wants to install more apps, I’d feel a lot better if it were simply impossible to do that. Policies don’t really protect us.”

Though it has been removed now, Lady and Paterson did manage to get their app into the Google Play store for a time. They did not attempt to submit it to the more restrictive MyGlass app store though, primarily because their professor had already let the cat out of the bag when he tweeted about their work.

In response, a Google spokesperson said:

“Right now Glass is still in an experimental phase, and has not been widely released to consumers. One goal of the Explorer program is to get Glass in the hands of developers so they can hack together features and discover security exploits.”

Google does, of course, have a point – officially, Glass is only currently available to individuals who have been accepted into its Google’s Glass Explorer program and availability of the $1,500 (plus taxes) device is extremely limited for now.

However, as supply increases, users will need to be aware of the potential security issues. Google can, and hopefully will, do its part here by blocking the ability to add apps from third party sites, instead limiting the choice to MyGlass which already has a strong set of guidelines in place.