Google Chrome Hack Allows Websites to Listen to You

Google Chrome Hack Allows Websites to Listen to You

Google Chrome Hack Allows Websites to Listen to YouHere’s a thought. You’re a die-hard Google Chrome fan, so every time you peruse the Internet it’s Chrome all the way. In fact, you’re such a pro that you have even enabled voice-recognition. Pretty high tech. At least that’s what voice-recognition apps developer Tal Ater thought until he noticed sometime strange hidden in the background.

Chrome users listen up! Any site that’s enabled for voice-recognition has the ability to use a pop-up window to record your voice almost indefinitely without you even knowing. Ater demonstrated this by closing a tab in Chrome, yet he continued talking. He then revealed a pop-up behind the main Chrome window that was transcribing everything he was saying.

Scary? I’d say, especially if it’s a malicious site using Chrome to listen to people’s offline conversations. Just think of all the details the “bad guys” could learn about you!

So, what’s the deal with Chrome? Once you’ve given an HTTPS-enabled site permission to use your mic in Chrome, you’ve just given the whole site, even pop-ups in the background, permission. And, with the code running in a different window, none of Chrome’s recording icons will initiate, so it looks like nothing is accessing your computer at all.

What should you do? Manually revoke the microphone permissions, which most of us, me included, would never even think to do.

This bug was first reported to Google in September 2013, and while their engineers have isolated the problem, the “fix” still hasn’t made it to user computers.

And, a future warning? There is a new class of apps being developed that require even more invasive permissions. Think in-browser services, like Google Hangouts, even though more convenient because you don’t have to reauthorize your mic for each session, blanked permissions can create a privacy issue.

(Photo credit: antb / Shutterstock.com)

About the Author

Ginger Hill is Group Social Media Manager.

Featured

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.