Weaponising Smart Glasses: The Social Engineer’s New Eyes
I’m a techie at heart, and I recently picked up a pair of Ray-Ban Meta Wayfarer smart glasses — and honestly, I love them. They’re slick, intuitive, and make creating content effortless.
But with my cybersecurity head on, I couldn’t help but start analysing the potential threat vectors this kind of wearable tech introduces — especially in the hands of someone with less-than-good intentions.
With Meta recently rolling out powerful new AI visual recognition features in the UK, it’s time we take a closer look at how these devices could be weaponised by attackers, particularly in the realm of social engineering and physical infiltration.
🆕 “Say What You See” Comes to the UK
In April 2025, Meta announced that UK users now have access to a new AI-powered visual assistant. Just say:
“Hey Meta, what am I looking at?”
And the glasses will describe the scene — identifying landmarks, objects, and surroundings in real time.
Great for accessibility. But also great for attackers, who could:
- Identify employee badges, logos, or internal equipment
- Gather context in secure environments
- Reinforce impersonation tactics with confidence
Meta also teased a live speech translation feature rolling out soon — again, a useful tool, but one that could assist multilingual pretexting in social engineering attacks.
🕵️♂️ How Could a Threat Actor Use These Glasses?
- Covert Reconnaissance: Capture PIN pads, badge readers, workstation layouts, or screens without raising suspicion.
- Tailored Phishing: Use overheard names, tools, and phrases to craft highly believable emails or vishing attempts.
- Tailgating and Impersonation: Study movement patterns, dress codes, and behaviours to blend in and gain access.
- Shoulder Surfing 2.0: Logins, QR codes, passwords? All recorded from a casual glance.
- Audio Espionage: With five microphones built in, meetings or private chats can be captured for intel or even deepfake voice cloning.
🔍 Facial Recognition Hack: A Real-World Threat
France 24 reported in early 2024 that Ray-Ban Meta glasses were hacked to run facial recognition in real time. By pairing with open-source models, attackers could:
- Identify people walking past
- Match them to LinkedIn or social profiles
- Choose high-value targets instantly
Combine that with “say what you see” and AI context awareness, and we’re facing a mobile reconnaissance tool hiding in plain sight.
You can see more about this in the FRANCE 24 report “Harvard students turn Meta’s Ray-Ban Smart Glasses into a surveillance nightmare”.
🕶️ The Window Tint Trick
Even the built-in white LED (meant to signal recording) can be bypassed. Attackers have used automotive window tint to obscure the light while the camera remains fully operational.
Meaning: no one knows they’re being recorded.
🛡️ What Should Organisations Be Doing?
- Update awareness training to include smart glasses and other wearables.
- Restrict recording-capable devices in sensitive areas.
- Revise visitor access controls — and teach staff how to spot disguised tech.
- Modernise threat models to factor in AI-powered, context-aware wearable tools.
⚖️ The Takeaway
These glasses are brilliant for creators, travellers, and tech lovers. But they’re also a growing concern for physical and human-centric attack surfaces.
As a cybersecurity professional, I’m keeping mine — but I’m also keeping both eyes open to the risks they introduce.