News

No Privacy For Chrome Thanks To Speech Recognition Hack

An expert in speech recognition states that Google Chrome users are exposed to various attacks and malware infections that can hijack the computer’s microphone. With this, all conversations in the room can be recorded for extended periods of time.

In order to gain access to the microphone however, users need to click a button to accept and give access to the microphone. Chrome usually notifies the user with a blinking red light in the browser tab and displays a camera icon in the address bar to indicate the given permission(s). As a normal behaviour, once the tab is closed, it should stop recording and drop permissions for any devices used. However, it will do the exact opposite.

As shown in the video above, Google Chrome can be used as the perfect tool for spying on anybody using the speech recognition on “shady” websites and afterwards closing the tab window. There will be no indication whatsoever about the recording feature still being enabled, and your privacy will be non-existent as long as you are still operating the browser. Israeli researcher Tal Ater said, the audio is sent to Google for analysis before being sent to the site that made the request. Once permission has been granted, Chrome can be programmed to begin recording only after certain keywords—say, “Iran” or “National Security Agency” are spoken.

“As long as Chrome is running, the transcripts of anything that is said next to your computer can be recorded by the malicious site—your private phone conversations, meetings, anything within earshot of your computer is compromised,” Ater wrote in an e-mail. “This is a unique vulnerability, as it essentially turns Chrome into an espionage tool with consequences on the physical world.”

Ater has notified Google about the security issue in September, though not even today has the bug been fixed. He wrote to Google once again in November in an attempt to find out what is taking so long to release a patch for the security breach. Their latest statement on the matter was as following:

“The security of our users is a top priority, and this feature was designed with security and privacy in mind. We’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements.”

From the statement given, in my opinion, Google displays a lack of interest in patching their security issues, overriding their continuous statements of focusing primarily on user privacy and security. Although it corresponds to the current W3C standards, Google should also consider intermediate and novice users, who most certainly don’t even know how a browser works. If Google was to focus on user privacy, patches and fixes for every security risk should have been issued with the highest priority, even for the low risk glitches and bugs such as this one.

Thank you arstechnica for providing us with this information
Image and video courtesy of arstechnica

Gabriel Roşu

Disqus Comments Loading...

Recent Posts

Electronic Arts Titles Played for Over 11 Billion Hours in 2024

Electronic Arts (EA) announced today that its games were played for over 11 billion hours…

2 days ago

Just 15% of Steam Gaming Time in 2024 Was Spent on New Releases

Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…

2 days ago

STALKER 2 Gets Massive 110GB Patch With 1800+ Fixes

GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…

2 days ago

Intel Unveils Core 200H Processors Based on the Previous Raptor Lake Refresh

Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…

3 days ago

Ubisoft Reportedly Developing a New Quadruple A Game

Ubisoft is not having the best of times, but despite recent flops, the company still…

3 days ago

STALKER 2: Heart of Chornobyl Update 1.1 Fixes 1,800 Issues and Revamps A-Life 2.0

If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…

3 days ago