Hackers can use Google Chrome to spy on your conversations

A Security bug in Google Chrome allows hackers to use computer microphone to surreptitiously listen to your private conversations.

Normally, a website that uses speech recognition technology gets permission from user to access mic.  There will be indication of the speech recognition in chrome.  Once the user leaves the website, chrome will stop listening to Mic.

Israeli developer Tal Ater found a security flaw in this system, while working on Speech Recognition library.

The problem is that once you grant a HTTPS-enabled website permission to use your mic, chrome will remember the choice and start listening in the future without asking permission again.

In a demo video, he showed how an attacker could leverage this functionality by launching a small hidden pop-up window that will start the speech recognition system.

Ater reported the bug to Google's Security team on Sep. 2013.  He has been nominated for the chromium's reward panel.

Category: /

Share this with Your friends: