News

No Privacy For Chrome Thanks To Speech Recognition Hack

An expert in speech recognition states that Google Chrome users are exposed to various attacks and malware infections that can hijack the computer’s microphone. With this, all conversations in the room can be recorded for extended periods of time.

In order to gain access to the microphone however, users need to click a button to accept and give access to the microphone. Chrome usually notifies the user with a blinking red light in the browser tab and displays a camera icon in the address bar to indicate the given permission(s). As a normal behaviour, once the tab is closed, it should stop recording and drop permissions for any devices used. However, it will do the exact opposite.

As shown in the video above, Google Chrome can be used as the perfect tool for spying on anybody using the speech recognition on “shady” websites and afterwards closing the tab window. There will be no indication whatsoever about the recording feature still being enabled, and your privacy will be non-existent as long as you are still operating the browser. Israeli researcher Tal Ater said, the audio is sent to Google for analysis before being sent to the site that made the request. Once permission has been granted, Chrome can be programmed to begin recording only after certain keywords—say, “Iran” or “National Security Agency” are spoken.

“As long as Chrome is running, the transcripts of anything that is said next to your computer can be recorded by the malicious site—your private phone conversations, meetings, anything within earshot of your computer is compromised,” Ater wrote in an e-mail. “This is a unique vulnerability, as it essentially turns Chrome into an espionage tool with consequences on the physical world.”

Ater has notified Google about the security issue in September, though not even today has the bug been fixed. He wrote to Google once again in November in an attempt to find out what is taking so long to release a patch for the security breach. Their latest statement on the matter was as following:

“The security of our users is a top priority, and this feature was designed with security and privacy in mind. We’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements.”

From the statement given, in my opinion, Google displays a lack of interest in patching their security issues, overriding their continuous statements of focusing primarily on user privacy and security. Although it corresponds to the current W3C standards, Google should also consider intermediate and novice users, who most certainly don’t even know how a browser works. If Google was to focus on user privacy, patches and fixes for every security risk should have been issued with the highest priority, even for the low risk glitches and bugs such as this one.

Thank you arstechnica for providing us with this information
Image and video courtesy of arstechnica

Gabriel Roşu

Disqus Comments Loading...

Recent Posts

Cities Skylines II Beach Properties DLC is One of The Worst Reviewed DLC on Steam

On March 25th, Colossal Order released the first DLC for Cities Skylines II, the city…

8 mins ago

COLORFUL Launches CVN B650M GAMING FROZEN AM5 Motherboards

Today Colorful Technology has launched two new AMD B650 motherboards under their CVN Gaming Frozen…

1 hour ago

Sharkoon Unveils SKILLER SGK40 Mechanical Gaming Keyboard

Sharkoon Technologies has today unveiled their SKILLER SGK40, a customizable mechanical gaming keyboard with edge…

2 hours ago

MSI MAG 274UPF E2 4K Ultra HD Monitor Coming Soon

MSI has just revealed their latest feature-packed gaming monitor, the MSI MAG 274UPF E2. It…

3 hours ago

Thermaltake Reveal New S250 TG ARGB Mid-Tower Case

Thermaltake has just revealed its latest addition to its already packed and awesome case collection,…

3 hours ago

No Man’s Sky Orbital Update Trailer Released

Hello Games continues its road to redemption with No Man's Sky, however, I'd say we're…

4 hours ago