Article brought to you by: Catholic Online (www.catholic.org)

We are Listening to you! Voice-controlled Web sites on Google Chrome - can be hacked

By Catholic Online (NEWS CONSORTIUM)
January 23rd, 2014
Catholic Online (www.catholic.org)

In an already slightly paranoid Internet community a new -- and most unwelcome discovery has been made. A security expert has says that visitors to voice-controlled Web sites on Google Chrome can easily listen in on personal conversations, compromising users' privacy. Google has yet to implement his recommended fix.

LOS ANGELES, CA (Catholic Online) - The Israeli programmer behind the "annyang!" speech-recognition script for Web sites, Tal Ater discovered the vulnerability last year. He submitted a report through the proper Google channels, and received a response right away that engineers were addressing the issue.

In spite of these claims, Google has yet to implement it.

End world hunger with prayer and action --

Most sites that use voice recognition use secure HTTPS servers. While these sites are supposedly secure, Chrome doesn't need to ask permission every time the site wants to run voice-recognition software. Under ordinary circumstances, this is a convenient way for users to interact with their favorite sites.

It's distressing, however, how a person up to no good could use this feature for the wrong reasons. An HTTPS certificate is not hard to come by, and programming an invisible pop-up window is well within a competent Web programmer's skill set. This would enable Web site operators listen in on whatever you say after Chrome is closed and, if they wish, record your conversations.

While a clear privacy threat, it remains to be seen whether any site has actually implemented such a measure, -- or what the malefactor would learn from it. Most people do not converse with their Web browsers outside the confines of a voice-recognition page.

However, video chat and online gaming do represent a possible avenue of attack. Imagine logging in to Skype or "League of Legends" and having every word monitored by an outside agency.

At this time, the majority of video and gaming chats are of little to no interest to a potential attacker, so sorting through them would be inefficient. Targeting individual users could be a way to glean potentially compromising information, though.

The best way an individual could keep to keep safe on voice-recognition sites is to use the HTTP version of a site rather than its HTTPS counterpart. In other words, a site has to ask permission every time you use its voice-recognition software, and if you see something fishy, you can simply say no.

Voice recognition for Web site navigation is not that popular yet, but it may be soon, given the rise of computers with built-in microphones and browsers that support them. So in the meantime, be careful about speaking your passwords, Social Security number and directions to your home.

Pope Francis calls for your 'prayer and action'...

Article brought to you by: Catholic Online (www.catholic.org)