light bulb

Did You Know?



Reply
Posts: 4,437
Topics: 2,763
Kudos: 5,436
Registered: ‎06-12-2013

Chrome hack lets websites keep listening after you close the tab

Toying around with voice-recognition apps, developer Tal Ater noticed something strange. Because of a quirk in Chrome's microphone settings, any site enabled for voice-recognition could use a pop-up window to keep recording almost indefinitely, hidden in the background. In Ater's demonstration, he closes the tab and continues talking, only to reveal a pop-up behind the main Chrome window, transcribing everything he says. It's an unsettling thought: could a malicious site use Chrome to listen in on users' offline conversations?

The core of the problem is Chrome's microphone permissions policy. Once you've given an HTTPS-enabled site permission to use your microphone in Chrome, every instance of the site has permission, even windows that pop up unnoticed in the background. And since the code is running in a different window, it won't set off any of Chrome's recording icons. By all appearances, the site won't be accessing the computer at all. The only sure defense is to manually revoke the microphone permission, which most users would never think to do.

Ater first reported the bug to Google back in September, even coding up a proof-of-concept. The bug was nominated for a Chromium Reward, but while Google's engineers easily isolated the problem, their fix still hasn't made it to user desktops. Reached for comment, a Google spokesperson said, "we’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements."

Beyond Chrome, there may be an even larger problem at work as the new class of apps require ever more invasive permissions. In-browser services like Hangouts are more convenient when users don't have to reauthorize the microphone for each session, but those blanket permissions can create a real privacy problem. And as the apps become more common, the privacy problem grows with them. For Ater, that's what makes the bug so serious. "Authorizing a site to use speech recognition will soon be as common as talking to Siri," he told The Verge. If you're worried about keeping control of your computer's microphone, that may be a troubling thought.

 

Source Article

 

Interesting video, despite the on screen indications she was still being recorded.

Sr. Community Leader

Posts: 5,697
Kudos: 4,594
Registered: ‎10-28-2012

Re: Chrome hack lets websites keep listening after you close the tab

Huge hole and a great reminder.  Thanks for sharing this!


David, (shorTcircuiT)

      

New to the Community? Register now and start posting!



Helpful Webroot Links:


Download (PC)   Download (Best Buy Subscription)   Submit Trouble Ticket   Account Console   User Guides   



"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"

WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
Posts: 4,525
Topics: 79
Kudos: 3,313
Registered: ‎11-27-2013

Re: Chrome hack lets websites keep listening after you close the tab

Oh my Goodness..thank you for sharing this!
Sherry

   

Helpful Webroot Links:


Download (PC) | Download (Best Buy Subscription) | Submit Trouble Ticket | Account Console | User Guides |

BrightCloud URL lookup

Register and Introduce yourself to The Community!


Mac / Yosemite(10.10.1), IPads, PCs,W7Pro & W 8.1 R Pro. Windows 7 Pro on Lenovo & W/Vista Ultimate on Gateway Laptop.
(WSAC 5 PC,WSA Business)W/10 Preview