February 2, 2014. Mountain View, CA. (ONN) When it comes to computer browsers, most users are only familiar with three. Internet Explorer from Microsoft is one. Free shareware Firefox is another. And Google’s Chrome is the third. But Chrome can do something the other two can’t – secretly listen to and transcribe the conversations occurring in your home without your knowledge.
Technology companies have been obsessed with ‘hands-free’ ‘voice recognition’ technology for years. They envision a Matrix-like world where computer users are too lazy to even move their fingertip to click a mouse button, flip a light switch, or turn a car key. Instead, their future has us all perpetually online, hooked up to our computers, shopping and buying things with our thoughts, voices and digital bank accounts. The capability has been around for years. And so has the ability to abuse it.
Whistleblower Comes Forward
A software developer came forward a couple of weeks ago to warn the world that the spying and listening bug in Google Chrome, while brought to their attention months ago, has yet to be fixed. The voice recognition development site Talater.com thus begins its warning to global computer users.
“By exploiting bugs in Google Chrome, malicious sites can activate your microphone and listen in on anything said around your computer, even after you’ve left those sites,” the whistleblower warns, “Even while not using your computer – conversations, meetings and phone calls next to your computer may be recorded and compromised.”
The author explains that voice recognition is the future. And nobody is pushing the technology more than Google. For evidence they write, ‘There’s no clearer evidence to this than visiting Google.com and seeing a speech recognition button right there inside Google’s most sacred real estate – the search box.’ The whistleblower describes how he or she stumbled upon Chrome’s bug while working on an online library of information accessible by voice commands. In doing so, the developer had to make sure the site worked correctly on all three commonly used internet browsers.
How it Works
As the software developer explains, tomorrow’s internet and the websites that comprise it, will have two standard options – keyboard/mouse/touch-screen or voice recognition. “Scroll up,” everyone from little kids to senior citizens might command their computer, “Click on catalog, zoom in, volume up.” Taking the technology one step further, it’s not difficult to see a society where everything from gas pumps to ATM’s no longer use cards and buttons, but only voice recognition for identification as well as transactions and payments.
The specific voice recognition technology the Google whistleblower was working on when the bug was discovered is called annyang. It’s really no more than an application or add-on comprised of a couple lines of computer code. As the Annyang site explains, ‘Annyang is a tiny Javascript library that lets your visitors control your site with voice commands. Annyang supports multiple languages, has no dependencies, weighs just 2kb and is free to use.’
In other words, websites can now install annyang. When visitors come to their site, instead of using the mouse and keyboard, they can simply say, “search” or “back” to maneuver around. In a way, it does save time and eliminates the trouble with not knowing how to spell certain words or find what they’re looking for on the site. One can definitely see some benefits in voice interaction over the traditional keyboard and mouse. But most still believe it’s more trouble than it’s worth, not to mention strange and new.
How They Can Spy on You
The whistleblower makes a point to reassure internet surfers that there doesn’t appear to be any sinister intent on Google’s part, at least none that’s readily obvious. Instead, it’s the websites each user visits that can take advantage of the Chrome bug to spy on you in your own home without your knowledge. Although one imagines that if each site can do it, so can Google, especially if the computer user is surfing the net using Google Chrome.
It works like this – Imagine you’re gaming online using your fancy new X-Box or just surfing the internet with your decade-old desktop computer. You enter a site that has voice recognition capability and you activate it upon entering the site by clicking a button simply marked ‘Voice Recognition On.’ Now, you navigate their website using only your voice. When you’re done, you either click or say ‘Voice Recognition Off’ or just leave the website. Your Google Chrome browser clearly shows that the plug-in is now off and has stopped listening, recording and transcribing all the sounds in the room where you are using your computer or smartphone.
The only problem is that while your monitor clearly shows that the listening device is ‘off’, it’s actually still on. Chrome has opened a secondary window the developer terms a ‘pop-under’ box that you can’t see. Even worse, the website you were at and allowed access to your microphone now has an open connection using the mic in your computer or phone. It’s literally listening to and transcribing every sound and conversation, including your phone calls, so long as Google Chrome is running.
Google Refuses to Fix Bug
As the whistleblower explains, there would have been no need to blow the whistle if Google had just fixed the hole in its browser when it was first brought to the company’s attention in September 2013. The warning explains, “I discovered this exploit while working on annyang, a popular JavaScript Speech Recognition library. My work has allowed me the insight to find multiple bugs in Chrome, and to come up with this exploit which combines all of them together.”
Knowing he could have sold his discovery to dishonest criminals and made a fortune, the whistleblower says, “I, of course, decided to do the right thing. I reported this exploit to Google’s security team in private on September 13. By September 19, their engineers had identified the bugs and suggested fixes. On September 24, a patch that fixes the exploit was ready. And three days later my find was nominated for Chromium’s Reward Panel (where prizes can go as high as $30,000).”
That was over four months ago and the developer says that Google has yet to fix the vulnerability. After inquiring about the delay with contacts inside the company, the whistleblower was told that Google management was still arguing over whether or not to fix the spying bug. “As of today, almost four months after learning about this issue, Google is still waiting for the Standards group to agree on the best course of action, and your browser is still vulnerable,” the whistleblower confirms.
Reassuring average computer users that the problem is with Google’s Chrome, not voice recognition software, the developer/whistleblower says, “Speech recognition has huge potential for launching the web forward. Developers are creating amazing things, making sites better, easier to use, friendlier for people with disabilities, and just plain cool…A year from now, it will feel as natural as any of the other wonders of this age.”
