ABOUT US | SERVICES | SUBSCRIPTIONS | LOGIN | SIGNUP
SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community
MARKETS » NFV Pandemic Tech News
HOT TOPICS » SD-WAN THE BLOCKCHAIN DOMAIN UC NETWORK MANAGEMENT
RESOURCE CENTER - WHITE PAPERS   |   WEBINARS   |   EBOOKS   |   TMCLabs   |   VIDEOS|   MEDIA KIT

CHANNEL BY TOPICS


QUICK LINKS




Bug in Google Chrome Lets Malicious Websites Listen In

TMCnet Feature

January 23, 2014

Bug in Google Chrome Lets Malicious Websites Listen In

Share
Tweet
By David Delony
Contributing Writer

A software developer has gone public with a bug that allows malicious users to spy on Google (News - Alert) Chrome users via their built-in microphones on their computers.


Tal Ater, a software developer working on speech recognition technology uncovered the bug. Normally, when a site requests to use a computer’s microphone, Chrome asks the user to confirm. If the user navigates away from the site or otherwise exits the browser, the browser isn’t listening.

Most sites that use speech recognition use SSL to encrypt the connection, attempting to display an aura of security.

“This doesn’t mean the site is safe, just that the owner bought a $5 security certificate. When you grant an HTTPS site permission to use your mic, Chrome will remember your choice, and allow the site to start listening in the future, without asking for permission again,” Ater wrote on his site. This is perfectly fine, as long as Chrome gives you clear indication that you are being listened to, and that the site can’t start listening to you in background windows that are hidden to you.”

A malicious website, on the other hand, can open up a pop-under window that will continue to log any sound in the vicinity of the user, including any conversations, without any obvious indication that the microphone is still turned on.

Ater originally contacted Google about the bug in September, but went public after months passed without Google releasing a fix closing the security hole.

“A month and a half later, I asked the team why the fix wasn’t released,” he wrote. “Their answer was that there was an ongoing discussion within the Standards group, to agree on the correct behavior - ‘Nothing is decided yet. ’As of today, almost four months after learning about this issue, Google is still waiting for the Standards group to agree on the best course of action, and your browser is still vulnerable.”

Ater also demonstrated how the bug worked in a video. Until Google issues a fix, it pays to be extremely wary about which sites Chrome users authorize to use their microphones.




Edited by Ryan Sartor


View all articles


Comments powered by Disqus








Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002

General comments: [email protected].
Comments about this site: [email protected].

IMPORTANT

SUBSCRIPTIONS


Subscribe to our FREE eNewsletters
CLICK HERE

STAY CURRENT YOUR WAY

© 2024 Technology Marketing Corporation. All rights reserved | Privacy Policy