Google Chrome’s speech recognition library has been used for many different things since it was released, and not always with the user’s permission. The Chrome based recognition has some vulnerability to hackers who are able to use one of multiple bugs and exploits out there to remotely turn on a microphone, and listen in to users.
Since many marketers use audio with making advertisements, videos or even just to communicate with clients, this is quite a significant risk. Especially given the fact that there may be very sensitive information being discussed in the room.
While these types of vulnerabilities aren’t exactly rare in the rapidly advancing technology world, it is somewhat odd that Google hasn’t fixed this one. The flaw was reported to Google’s security team back on September 13, 2013 by a developer named Tal Ater. After he reported it, he was even nominated for the Chromium Reward Panel, which is used to ‘thank’ people who find and report significant bugs.
The problem, however, is that even though a patch was developed to fix the problem, it has never been released. When Ater contacted Google again to inquire why the patch hasn’t been published, he was told that Google was having ongoing discussions with their standards group on how to fix the problem, but that nothing was yet decided.
After more than four months, this is still a vulnerability that anyone using the Chrome web browser is exposed to. Why Google doesn’t seem to be putting this fix on the fast track like they normally would for hacker vulnerabilities is unclear.
While certainly not a threat on the same level as some vulnerability, it is something many people should be concerned with. With a growing number of people using microphones on their computers, there are potentially millions of people who could be being listened in on, and the hackers could use the information gathered for any number of nefarious reasons.
What are your thoughts on this exploit? Why do you think it still hasn’t been patched? Share your thoughts in the comments below.