Hackers have worked out a way to use the speech recognition in Chrome to spy on you.
Apparently, the method involves switching on your microphone using bugs in the Chrome browser.
The exploit was discovered by developer Tal Ater who found it while working on annyang, a popular JavaScript Speech Recognition library.
This allowed him to find multiple bugs in Chrome, and to come up with an exploit which combines all.
He reported the exploit to Google's security team in private on September 13. By September 19, their engineers have identified the bugs and suggested fixes. On September 24, a patch which fixes the exploit was ready, and three days later, his find was nominated for Chromium's Reward Panel.
But as time passed, and the fix didn't make it to users' desktops. A month and a half later, Ater asked the team why the fix was not released. Their answer was that there was an ongoing discussion within the Standards group, to agree on the correct behaviour - "Nothing is decided yet."
Four months later Google is still waiting for the Standards group to agree on the best course of action, and your browser is still vulnerable.
As it lies, all it takes is a user to visit a site that uses speech recognition to offer some cool new functionality.
Here is a short film of the exploit in action
by Edward Berridge via TechEye - Latest Software headlines
Posts
No comments: