While many have come to associate Google with a level of trust, open source developers will tell you that is far from the truth. It seems that they discovered that the Chrome browser, the main Google Chrome open source, has a hidden snooping code that has the capability of listening to users in front of their computers. While Google insists that they have removed the ‘opt-in’ software, there are those involved in the dark side of the cyber world that have discovered how to turn it on. This takes the concept of data security to an entire new level, beyond bits and bytes, and into the world of verbal conversations.
If you talk to Google, they will explain that the original intent of the snooping software was to support their new “OK, Google”, which allows computer response via hot-word detection for vocal instructions. They insist that the software is only activated when a user opts in. The black box code would turn on the microphone and then listen in to the room where the computer was located. This opens the door to an entire entity of ‘stealth’ software which allows anyone, anywhere, to access via the listening software, without the user’s knowledge or consent. According to open source developers, the design itself is ‘triggered’ by an unverifiable and unknown condition set.
You should be very alarmed
In a world concerned with data security, the focus has been on proprietary data, firewalls and protecting the actual contents of the drives and networks. Between viruses and malware, data recovery companies have been kept very busy, trying to ‘fix’ all of the broken pieces that are left behind in a cyberattack.
This new situation with Google Chrome is considered to be a bug, and cybercriminals are well-aware of it. The latest malicious invention to make use of the eavesdropping is fairly devious as it depends on a user visiting what most consider a safe speech recognition site that contains an ‘https’ connection. The site gets confirmation to make use of the user’s mic and once it is accepted, the site offers the ability of control via audio instructions.Â
Chrome validates that the speech connection is active and when the user is finished, they simply turn it off. All works well until you visit a speech recognition site established by a cybercriminal. All they have done is purchase a security certificate for $5, allowing them to display the ‘https’. Once permission is granted, Chrome again validates but what you don’t notice is that there is a hidden window called a popunder. This allows the main site to be closed, with the assumption that the eavesdropping is over and yet they can continue to listen without the user’s permission and without the Chrome signal validation. It seems that personal privacy has taken yet another turn into the bizarre, threatening more than just our data.
Speech recognition is the wave of the future
Speech recognition has had a long history of development, beginning in the 1950’s and 1960’s with a kind of ‘baby talk’. Even in the 70’s it was far from perfect, but when the government stepped in with a need for their DARPA program, it made lightening strides. Those in the telecommunications fields were impatient at the still slow progress for use as a common tool and by the 90’s BellSouth had a VAL format that could be used by the general population. It took Google to bring the technology to the forefront of perfection in the 2000’s and now we are quite comfortable with the many voice activated technologies that we have available. What very few know is that many computer operating systems, including Windows and Mac OS-X had speech recognition built into them.
Developers are quickly scrambling to create all types of software and mobile apps that are voice activated. While the original benefit was to help those with disabilities, the ease of acceptance and the adoption of this technology has changed the way we look at our devices. The dichotomy of the situation is that almost everyone makes use of Google Chrome as the mainstay browser, and, in a situation that one might assume was only in science fiction, the eavesdropping bug opens access for listening to personal and business conversations which are often filled with private and confidential information.
Protecting spoken words
As we move forward in our use of speech recognition we are going to be required to be diligent in understanding that audio now has the ability to be involved in cybercrime and cyber hacking. This will involve all aspects of the tools that we use: computers, smartphones, tablets and even smartwear. The best options to maintain privacy and security from cyber hackers will be to maintain vigilance as well as develop a relationship with professionals in data recovery to monitor and check, ensuring that the eavesdropping software is not present and assisting in maintaining the utmost protection of proprietary information.