Bugs in Chrome Allow Others to Listen in on Your Private Conversations
Voice recognition technology has advanced significantly in recent years and it would not be long that, in addition to traditional input methods, we will be issuing commands to our computers simply by speaking to it. In fact, if you go to Google.com, on the search bar itself, you will find an option that lets you search by voice.
However, a developer has discovered bugs that will allow sites to listen in your conversations, for extended periods of time without you knowing. The video above shows how.
Basically, when a site wants to use your microphone, it will seek your permission. And when the microphone is recording, there will be a blinking red light in the corresponding browser tab and a camera icon in the address bar. However, the demo above shows that despite having left the site, the microphone is actually still activated and recording.
The problem is that once permission is granted to the site, every instance of the site has permission, even windows that pop up unnoticed in the background. It is using such pop-up windows that sites can listen in without your knowledge. It can even be programmed to be dormant until specific key words are uttered.
There are two workarounds to this, one is to manually revoke the microphone permission and the other is to close Chrome completely and relaunch it. But neither is obvious to the user since he or she does not know the microphone is still recording in the first place.
More worryingly, despite informing Google of this flaw back in September last year, Google has yet to issue a fix. They also said that they have investigated the problem but believe it to pose "no immediate threat" since users must first enable speech recognition and grant the website permission. Google also added that this is in compliance with current W3C standards.