Programmer goes public four months after company failed to fix exploit. A whistleblower who privately informed Google four months ago that their Chrome browser had the ability to record conversations without the user’s knowledge has gone public after the tech giant failed to fix the issue.
In the video above, the programmer explains how Google Chrome’s speech recognition function remains operational even after the user has left the website on which they gave permission for the browser to record their voice.
“When you click the button to start or stop the speech recognition on the site, what you won’t notice is that the site may have also opened another hidden pop under window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn’t even know was there,” writes the whistleblower.
The video shows a pop-under browser window recording and typing the programmer’s words as she speaks. The window can be disguised as an advertising banner so the user has no indication that Chrome is listening to their voice, whether that be on the phone, talking to someone on Skype, or merely having a conversation with someone near the computer.
The exploit is a “serious security breach” that has compromised the privacy of millions of Google Chrome users, according to the programmer, who warns, “as long as Chrome is still running, nothing said next to your computer is private.”
The exploit turns Google Chrome into an “espionage tool,” adds the programmer, noting that the recording function can be activated by the use of sensitive keywords and be passed on “to your friends at the NSA.”
The programmer reported the exploit to Google on September 19 last year and was met with assurances that it would be quickly fixed. However, despite apparently fixing the bug within two weeks, the update was never released to Chrome users, with Google telling the programmer, “Nothing is decided yet.”
As far back as 2006, we warned that computers would use in-built microphones to spy on users. We also revealed how digital cable boxes had embedded microphones that had the capability of recording conversations since the late 1990′s.
As we have previously highlighted, terms of agreement for both Android and iPhone apps now require users to agree to allow their microphone to be activated at any time without confirmation before they can download the app.
Facebook’s term’s of agreement also allow the social network giant to record your phone calls, read your phone’s call log and “read data about contacts stored on your phone, including the frequency with which you’ve called, emailed or communicated in other ways with specific individuals.”
We are now fully ensconced in a world that even George Orwell would have laughed off as inconceivable. Embedded microphones in everything from Xbox Kinect consoles to high-tech street lights that can record private conversations in real time represent the final nail in the coffin of privacy.