Resultados 1 a 2 de 2
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    15,032

    [EN] Chrome browser becomes eavesdropping tool

    "As long as Chrome is still running nothing said next to your computer is private."

    Israeli coder Tal Ater found the bug while working on his own speech recognition software.

    Despite Google finding a way to fix the bug in October 2013 the update has yet to be rolled out to Chrome, he said.

    Google said the current version complied with web standards defining how speech recognition should work.
    Listening in

    "Even while not using your computer - conversations, meetings and phone calls next to your computer may be recorded and compromised," wrote Mr Ater in a blogpost explaining what he had found.

    The bug emerges when malicious sites try to subvert the way Chrome handles speech recognition, he said.

    Typically, people must manually grant permission to each site that wants to access a computer's microphone to listen in. Once permission has been granted Chrome lets people know a site is listening via a blinking red dot on the tab for that site.

    In a video accompanying the blogpost, Mr Ater showed how a malicious attacker could use specially crafted code to exploit these permissions to launch a "pop-under" window that starts the speech recognition system.

    "The malicious site you visited can continue listening in on you long after you have left it," said Mr Ater. "As long as Chrome is still running nothing said next to your computer is private."

    Google was told about the bug in September last year, said Mr Ater and soon after found a way to fix it. However, this has yet to be included in updates for Chrome.

    Mr Ater asked why Chrome remains vulnerable and was told that Google was still waiting for the World Wide Web consortium (W3C), which defines how the web develops, to make a decision about what to do.

    "The security of our users is a top priority, and this feature was designed with security and privacy in mind," said a Google spokesperson. "We've re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it."

    "The feature is in compliance with the current W3C specification, and we continue to work on improvements," he addedtold tech news site The Register.
    BBC News - Chrome browser becomes eavesdropping tool

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    15,032

    Google Chrome can listen to your conversations

    ...
    The flaw is hardly a trivial one. Most sites that use voice recognition also use secure HTTPS servers. Since the sites are supposedly secure, Chrome does not need to ask permission every time the site wants to run voice-recognition software. Under ordinary circumstances, this is a convenient way for users to interact with their favorite sites, and eliminates a tedious step.

    But it's not hard to see how a malefactor could use this feature for ill. An HTTPS certificate is not hard to come by, and programming an invisible pop-up window is well within a competent Web programmer's skill set. This could let website operators listen in on whatever you say after Chrome is closed and, if they wish, record your conversations.
    ...
    Until Google decides to implement its fix, the best way to keep yourself safe on voice-recognition sites is to use the HTTP version of a site rather than its HTTPS counterpart. This means that a site has to ask permission every time you use its voice-recognition software, and if you see something fishy, you can simply say no.
    ...
    http://www.nbcnews.com/technology/go...ons-2D11975178

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •