Google Chrome Hack Allows Websites to Listen to You

Google Chrome Hack Allows Websites to Listen to You

Google Chrome Hack Allows Websites to Listen to YouHere’s a thought. You’re a die-hard Google Chrome fan, so every time you peruse the Internet it’s Chrome all the way. In fact, you’re such a pro that you have even enabled voice-recognition. Pretty high tech. At least that’s what voice-recognition apps developer Tal Ater thought until he noticed sometime strange hidden in the background.

Chrome users listen up! Any site that’s enabled for voice-recognition has the ability to use a pop-up window to record your voice almost indefinitely without you even knowing. Ater demonstrated this by closing a tab in Chrome, yet he continued talking. He then revealed a pop-up behind the main Chrome window that was transcribing everything he was saying.

Scary? I’d say, especially if it’s a malicious site using Chrome to listen to people’s offline conversations. Just think of all the details the “bad guys” could learn about you!

So, what’s the deal with Chrome? Once you’ve given an HTTPS-enabled site permission to use your mic in Chrome, you’ve just given the whole site, even pop-ups in the background, permission. And, with the code running in a different window, none of Chrome’s recording icons will initiate, so it looks like nothing is accessing your computer at all.

What should you do? Manually revoke the microphone permissions, which most of us, me included, would never even think to do.

This bug was first reported to Google in September 2013, and while their engineers have isolated the problem, the “fix” still hasn’t made it to user computers.

And, a future warning? There is a new class of apps being developed that require even more invasive permissions. Think in-browser services, like Google Hangouts, even though more convenient because you don’t have to reauthorize your mic for each session, blanked permissions can create a privacy issue.

(Photo credit: antb / Shutterstock.com)

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

Featured Cybersecurity

Webinars

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3