{"id":3621,"date":"2014-01-30T10:19:17","date_gmt":"2014-01-30T15:19:17","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=3621"},"modified":"2020-02-26T10:47:09","modified_gmt":"2020-02-26T15:47:09","slug":"listen-chrome","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/listen-chrome\/3621\/","title":{"rendered":"Listen, Chrome\u2026"},"content":{"rendered":"<p>It appears that PCs are not only able to spy on you via cameras, but they\u2019re also able to listen in on you as well, and in a discreet manner! The only requirements are that Google Chrome is installed on the user\u2019s PC and that the PC has a microphone.<\/p>\n<p>It comes as no surprise that modern websites are capable of interacting with a wide range of PC peripherals. Of course, a user has to give consent, but that process is usually pretty easy and involves just one click of the \u2018Yes\u2019 button. For instance, in order to upload a photo to a social network profile, one just needs to confirm the pop-up request coming from the website and allow the built-in camera to take a picture. In order to prevent the website from abusing the rights granted by the user, the browser needs to take them away from the webpage. But could it be true that the web resource, without the user\u2019s consent, is continuing to <a href=\"https:\/\/www.kaspersky.com\/blog\/beware-of-webcams\/\" target=\"_blank\" rel=\"noopener nofollow\">control some of the PC functions<\/a>?<\/p>\n<p>Tal Ater, an Israeli software developer, proved that there is a good chance of this happening. The vulnerability he found in the code of the popular Google Chrome browser, if exploited by a cybercriminal, might turn an ordinary PC into the perfect resource for spying on a user. 
The only thing they have to do is <a href=\"https:\/\/www.kaspersky.com\/blog\/social-engineering-hacking-the-human-os\/\" target=\"_blank\" rel=\"noopener nofollow\">lure the user<\/a> into taking advantage of a voice recognition capability and allowing the website to turn on the microphone on a single occasion. From that moment on, the criminal is able to record sound via the microphone, even after the page has been closed. In addition to that, a red blinking indicator on the web browser bar task, which serves as a notice that a recording is in progress, conveniently turns off, leading the user to believe the recording has ended.<\/p>\n<div class=\"pullquote\">The vulnerability found in the code of the popular <a href=\"https:\/\/www.kaspersky.com\/blog\/browser-security-google-chrome\/\" target=\"_blank\" rel=\"noopener nofollow\">Google Chrome<\/a> browser, if exploited by a cybercriminal, might turn an ordinary PC into the perfect resource for spying on a user.<\/div>\n<p>To present his proof of discovery, Ater <a href=\"http:\/\/www.youtube.com\/watch?v=s5D578JmHdU\" target=\"_blank\" rel=\"noopener nofollow\">recorded a 4-minute video<\/a>. It shows perfectly how a user opens and closes a compromised webpage, which uses speech-to-text capabilities, but then continues to record the sound in background mode. The sound data is then sent to Google servers to be converted into text, and then returned to fall into the criminal\u2019s waiting hands.<\/p>\n<p>To make matters worse, the majority of speech-aware websites use a protected https connection. In these cases, Chrome remembers that the page was allowed to use the microphone previously and does not ask for permission again the next time. Moreover, this vulnerability could be tweaked so that certain words are used as triggers to start recording automatically. 
A ready-made <a href=\"https:\/\/www.kaspersky.com\/blog\/google-chrome-camera\/\" target=\"_blank\" rel=\"noopener nofollow\">tool for spying on people<\/a>!<\/p>\n<p>Curiously enough, Google was aware of the vulnerability back in September. Before <a href=\"https:\/\/threatpost.com\/chrome-eavesdropping-exploit-published\/103798\" target=\"_blank\" rel=\"noopener nofollow\">going public<\/a> with his discovery, Tal Ater contacted the search giant to let them know. In less than two weeks, the company representatives sent him confirmation that the bug had been fixed and the patch was ready. However, it was never published, even four months later. We can only guess why developers of one of the most important browsers reacted so casually.<\/p>\n<p>We recommend users stay alert, or even abstain from voice recognition webpages when using Chrome. As a last resort, you can shut down the browser, together with all the bookmarks and processes running \u2013 this way it won\u2019t be able to record anything, or send any data to a cybercriminal.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It appears that PCs are not only able to spy on you via cameras, but they\u2019re also able to listen in on you as well, and in a 
discreet<\/p>\n","protected":false},"author":214,"featured_media":3622,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[16,93,22],"class_list":{"0":"post-3621","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-chrome","9":"tag-cybercriminals","10":"tag-google"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/listen-chrome\/3621\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/listen-chrome\/2875\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/listen-chrome\/2768\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/listen-chrome\/3106\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/listen-chrome\/3012\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/listen-chrome\/2491\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/listen-chrome\/3621\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/listen-chrome\/3621\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/chrome\/","name":"Chrome"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3621"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3621\/revisions"}],"predecessor-version":[{"id":33028,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3621
\/revisions\/33028"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3622"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}