There is a body of thought that wants to have our devices always listening to us so that they can respond to our utterances and commands. But that body of thought contains an implicit premise that we’d like to be in control of when our devices are listening. Or rather, we’d like to think we’ve turned that always listening feature off. Certainly that’s technologically feasible to do, but then it is also possible to override that. At least that’s what developer Tal Ater discovered with a bug in Google’s Chrome Browser.
We’ve heard stories about others being able to remotely turn on cameras and microphones before. And in today’s environment of heightened concerned about privacy and security, any twitch that someone may be using prying eyes or ears to gather our data rings big alarms. The bug that Ater dug up is an exploit that would allow malicious websites to keep listening long after you think you’ve left the site by closing a browser tab. Check out the video of the exploit in action:
Ater points out several key points. First, giving an app permission to use the microphone typically displays an indicator when the mic is on and recording. That indicator goes off when you choose to close the microphone or that Tab. Second, the microphone may not be turned off. By giving that app or site permission to use the microphone every instance, including those running unseen in the background can use the microphone. A pop under window, which may be disguised as a banner ad or some other distraction, can record and transcribe what you or anyone else is saying once the exploit is in play. Third, the malicious code could be programmed to listen for certain keywords. Fourth, the transcribed text is heading to Google’s servers for that transcription and then possibly to any destination that a malefactor may wish to send it to.
Ater reported this to Google four months ago and Google acknowledged the bug, but as of yet this has not been fixed. The bug actually was nominated for a Chromium Reward and according to Ater, Google’s engineers fixed it within two weeks time. But the fix didn’t make it into circulation. Apparently Google’s Standards Group is still trying to figure out how to deal with this before rolling out a fix to users.
So, if you are using speech recognition on your Chrome browser you might want to be careful about your conversations until Google decides to rectify the situation. But then again, maybe a few choice words spoken in Google’s direction might speed things up a bit.