Chrome Bug Can Turn Whole Pages Into Record Buttons For Eavesdroppers

Chrome Bug Can Turn Whole Pages Into Record Buttons For Eavesdroppers

We’ve seen eavesdropping issues in Chrome before, like one exploit that lets sites ask for permission to the microphone, and then keeps listening long, long after. But now a new one discovered by Guy Aharonovsky goes a step further: it triggers listening with no permission, even if your microphone is completely disabled.

The trick is deceptively simple on its face: essentially an attacker can turn an entire website into one, big, invisible record button and then just listen away. But in practice, it relies on two other tricks. The exploit makes use of Google’s old speech API that doesn’t indicate microphone use in the address bar for instance, but rather in a bubble that can be conveniently obscured from view.

Guy whipped up a (truly bizarre) demo of the exploit that’s optimised from Chrome on OS X, but claims it can be easily tweaked to run on any flavour of Chrome. Likewise, the demo leans on fullscreen mode to completely obscure the listening bubble, but that’s just a matter of convenience, not necessity.

This exploit requires quite a few things to go right in order to fool folks, but if nothing else it’s a reminder that maybe you shouldn’t be saying your passwords out loud while you’re typing them, or spilling your deepest secrets to your computer screen. [Guya via Alex Goldmark]

The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.