Google Chrome Bug Lets Websites Listen to Your Conversations
January 26th, 2014Via: IBTimes:
A bug in Google’s Chrome web browser enables malicious websites to activate your microphone and spy on conversations that happen next to your computer, even after you’ve left the website.
Tal Ater, a web developer in Israel discovered the exploit while working on a JavaScript Speech Recognition library called annyang.
The internet giant seems dismissive of the problem, however.
In a statement, Google said: “We’ve reinvestigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it.”
In a video he filmed with a voice-over artist, Ater shows how websites that legitimately turn on your microphone to enable speech recognition, can continue to record and listen in on conversations in the background even after you have left the website.
His video shows that every word of the script the voice-over artist was reading aloud has been recorded by Chrome’s speech recognition feature, even after the website has been closed.
According to the video, the information captured from the conversation is then sent to Google’s servers, analysed and then sent back to the website which was originally authorised by the user to record the conversation.
Within earshot
Once the information is in the hands of the website, anything can happen to it, and Chrome’s speech recognition feature can pick up anything said within earshot of the computer once it is switched on and has Chrome running.
The malicious website could hide information being recorded beneath a banner ad, Ater suggests.
The Chrome bug also enables attackers to programme the speech recognition feature to stay dormant, and only start recording conversations if the user says certain keywords near the computer.
Research Credit: almaverdad2
