Bugged and tapped conversations have been used throughout history by all kinds of people from allies to enemies, heroes to villains, and detectives to outlaws. History would tell quite a different story if bugged conversations did not exist, but what about your own conversations? Could your computer microphone be the bug in your home or office? Unauthorized sites could be using a glitch in Google Chrome’s voice command to record your private conversations right from your own computer, compromising personal and company information.
Tal Ater, a web developer, discovered the glitch in Google Chrome’s voice command in mid September of last year. Ater then reported the problem to Google.
“I reported this exploit to Google’s security team in private on September 13. By September 19, their engineers identified the bugs and suggested fixes.”
Within two weeks, Google was able to create a patch for the problem. So all is as it should be, correct?
After waiting a month and a half, Ater did not see any changes made to the user’s desktop. Realizing the need for this glitch in voice command to be rectified, Ater contacted Google again inquiring about the delay. Not long after, Ater received an answer from Google. “There was an ongoing discussion within the Standards group, to agree on the correct behavior- ‘Nothing is decided yet.’”
How are information prowlers using Google Chrome?
After you give permission to the visited site to use your microphone, the glitch in Chrome’s voice command gives access not only to the site, but also to hidden pop-under windows sometimes disguised as an advertisement banner. After shutting down voice command, the pop-under window can continue to “listen” in without any evidence that the voice command is still recording. Google’s voice command records your conversation from “speech-to-text” and sends back your conversation in text form to the malicious pop-under window, highlighting key words that you may have spoken during the recorded conversation with your coworker, lawyer, or kids, creating an information smorgasbord for microphone prowlers by sending your conversation directly to the permitted websites!
An answer is still being formed by Google’s Standards group in regards to an implementation of the solution to the major glitch in voice control.