An expert in speech recognition states that Google Chrome users are exposed to various attacks and malware infections that can hijack the computer’s microphone. With this, all conversations in the room can be recorded for extended periods of time.
To gain access to the microphone, however, a site needs the user to click a button that grants it permission. Chrome usually notifies the user with a blinking red light in the browser tab and displays a camera icon in the address bar to indicate the permission(s) given. Normally, once the tab is closed, Chrome should stop recording and drop permissions for any devices used. However, it does the exact opposite.
As shown in the video above, Google Chrome can be used as the perfect tool for spying on anybody who uses speech recognition on a “shady” website and closes the tab afterwards. There is no indication whatsoever that recording is still enabled, and your privacy is non-existent for as long as the browser keeps running. Israeli researcher Tal Ater said the audio is sent to Google for analysis before being sent to the site that made the request. Once permission has been granted, Chrome can be programmed to begin recording only after certain keywords, say “Iran” or “National Security Agency”, are spoken.
“As long as Chrome is running, the transcripts of anything that is said next to your computer can be recorded by the malicious site—your private phone conversations, meetings, anything within earshot of your computer is compromised,” Ater wrote in an e-mail. “This is a unique vulnerability, as it essentially turns Chrome into an espionage tool with consequences on the physical world.”
Ater notified Google about the security issue in September, but the bug has still not been fixed. He wrote to Google again in November in an attempt to find out what is taking so long to release a patch for it. Their latest statement on the matter was as follows:
“The security of our users is a top priority, and this feature was designed with security and privacy in mind. We’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements.”
From the statement given, in my opinion, Google displays a lack of interest in patching their security issues, overriding their continuous statements of focusing primarily on user privacy and security. Although it corresponds to the current W3C standards, Google should also consider intermediate and novice users, who most certainly don’t even know how a browser works. If Google were to focus on user privacy, patches and fixes for every security risk should have been issued with the highest priority, even for low-risk glitches and bugs such as this one.
Thank you Ars Technica for providing us with this information.
Image and video courtesy of Ars Technica.