Are There Hackers Listening to You?

Alexander Freund

Tech savvy individuals and businesses alike have moved away from traditional Internet browsers such as Microsoft’s Internet Explorer and Apple’s Safari to Google’s Chrome browser. After all, many people enjoy having a simplistic, yet powerful web browser that easily integrates it’s Google Docs tools and Gmail email service. However, users may want to think twice about using the browser now that a new YouTube video has surfaced entitled “Chrome Bug Lets Sites Listen to Your Conversations.” In the video, user Tal Ater walks through a very dangerous exploit that allows anyone to access your microphone through Google’s voice recognition software embedded in Chrome.

Working as an Israeli programmer, Ater first discovered the problem while working on a JavaScript Speech Recognition library called “annyang”. After finding multiple bugs in Chrome, it was discovered that they could allow malicious websites or hackers the ability to stealthily record anything that was said anywhere near the computer running Chrome. Even more interesting is the fact it could lay dormant and only activate upon certain keywords being said.

In what may turn out to be the most disturbing part of this story, Ater alerted Google’s security team privately to this issue back on September 13, 2013, and the team readily acknowledged its existence only six days later on the 19th. Google’s team had a patch that fixed the exploit on September 24th, and Ater was nominated by Chromium’s Reward Panel for the find. Problem solved, right? Not so fast.

Within just two weeks of Ater reporting the bug, Google’s engineers had confirmed the exploit and fixed it. But as the weeks passed, the fix was still not being released to desktop users. Six weeks after the initial inquiry into the matter, Ater again contacted the team at Google to ask why the exploit had not been fixed across the board. They responded in a rather convoluted manner. They stated that an ongoing discussion was going on within the “Standards” group, but nothing has been decided.

Finally, after four months of no response and a feeling of being stonewalled by Google, Ater released a video exposing the exploit to the world on January 22, 2014. The question still remains however if Google plans on releasing the patch they have been sitting on for 4 months. Now that Ater has exposed the inherent dangers to the world, let’s hope that Google makes the correct decision to rapidly deploy the fix.

With all the great technology available out there, users are constantly bombarded with situations where the security of their company’s data is on the line. For assistance in finding solutions that will keep your information safe, consider giving 4it a call at (305) 278-7100. Our thorough monitoring and maintenance program finds and eliminates potential problems before they become situations. We also offer a Unified Threat Management device that can provide an additional layer of security to help you keep malicious entities out of your network. The professionals at 4it have a solution for all of your data security needs.

Share this post