While voice recognition is a great technology to look up to it can also lead to a leak of your privacy if you are using it in Google Chrome. It has been found that web developers can exploit bugs in Google’s Chrome browser to listen through your computer’s microphone as long as Chrome is running. By exploiting bugs in Google Chrome, malicious sites can activate your microphone, and listen in on anything said around your computer, even after you’ve left those sites!
Tal Ater, a developer, said that the privacy breach could happen when you visit another website via Chrome and give access to your microphones to take control of the site with your voice. Chrome shows a clear indication in the browser that speech recognition is on, and once the user turns it off, or leaves that site, Chrome stops listening.
However, many a time malicious website launch hidden pop-up windows that go unnoticed by you and may remain live even after you exit the parent site. This is where your conversation gets tapped as your microphone has still remained active while Google Chrome makes no indication whatsoever about your speech recognition functions being in use.
Ater says that he discovered Google Chrome bug while working on annyang, a popular JavaScript Speech Recognition library. Having got insights during his work, he could find multiple bugs in Chrome and combined all of them into one exploit. Now, since we wanted his project to succeed, he decided to report the matter to Google. Tal mentions on his blog.
“I reported this exploit to Google’s security team in private on September 13. By September 19, their engineers have identified the bugs and suggested fixes. On September 24, a patch which fixes the exploit was ready, and three days later my find was nominated for Chromium’s Reward Panel (where prizes can go as high as $30,000.). But then time passed, and the fix didn’t make it to users’ desktops. A month and a half later, I asked the team why the fix wasn’t released. Their answer was that there was an ongoing discussion within the Standards group, to agree on the correct behaviour – “Nothing is decided yet”.
Today, Chrome remains the most popular of the all the browsers in the world used by millions. And if Mr. Ater’s arguments are to be believed then such privacy exploits could well prove deadly for many. Let’s hope Google listens to this and comes with the fix soon.
