ExtremeHacking
Google Chrome vulnerability allows Websites to Eavesdrop on You
Author: Unknown | Modified: 4/12/2014

Just imagine, you are sitting in front of your laptop and your laptop is listening to your nearby conversations. What if the recorded audio from the system’s microphone is being instantly uploaded to a malicious website?

Google has created a speech-recognition Application Programming Interface (API) that allows websites to interact with Google Chrome and the computer’s microphone. It lets you speak instead of typing into any text box, so hands-free web searches, quick conversions, and audio translators can work with it.

In January, a flaw was discovered in Google Chrome that enabled malicious websites with speech recognition software to eavesdrop on users’ conversations in the background, without their knowledge, using an outdated Google speech API.


CHROME IS LISTENING TO YOU
A new, similar vulnerability in Google Chrome has been discovered by Israeli security researcher Guy Aharonovsky, who claims that Chrome’s speech-recognition API has a vulnerability that allows attackers to turn a victim's machine into a listening post without asking for any permission, even if your microphone is completely disabled.

"Even blocking any access to the microphone under chrome://settings/content will not remedy this flaw," he said in a blog post.

The reported vulnerability exploits the “-x-webkit-speech” feature of Chrome’s speech-recognition API and allows a malicious web application to eavesdrop in the background without any indication to the user that their microphone is enabled.

He has also published a proof-of-concept webpage and a video demonstration, designed to work on Chrome for the Mac operating system, but the exploit works only in Chrome, on any operating system.
In the demonstration, he used the HTML5 full-screen feature to hide the indication box.

“In Chrome all one needs in order to access the user’s speech is to use this line of HTML5 code: <input -x-webkit-speech="" /> that’s all; there will be no fancy confirmation screens.

When the user clicks on that little grey microphone he will be recorded. The user will see the ‘indication box’ telling him to “Speak now” but that can be pushed out of the screen and / or obfuscated.”

He has reported the flaw to Google via the Chromium bug tracker. They confirmed the existence of the vulnerability but assigned it a 'low' severity level, which means Google will not offer any immediate fix for this flaw.
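
For defenders who want to check pages for the markup described above, here is an added example (not code from the article or the researcher): a small HTML audit that reports every element carrying the speech-input attribute and whether the page also calls a full-screen API. The function and class names, the second attribute spelling without the leading dash, the full-screen string heuristic, and the sample page are assumptions made for this example.

```python
from html.parser import HTMLParser

# "-x-webkit-speech" is the spelling quoted in the article; the form without
# the leading dash is included as an assumption about how pages may write it.
SPEECH_ATTRS = {"-x-webkit-speech", "x-webkit-speech"}


class SpeechInputAudit(HTMLParser):
    """Collects speech-enabled elements and script text from one HTML page."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (line, column, tag, attribute) per hit
        self._code = []      # inline script bodies and on* handler values
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:   # html.parser lowercases tag and attribute names
            if name in SPEECH_ATTRS:
                line, col = self.getpos()
                self.findings.append((line, col, tag, name))
            elif name.startswith("on") and value:
                self._code.append(value)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._code.append(data)

    def uses_fullscreen(self):
        # Heuristic (assumption): any prefixed or unprefixed requestFullscreen call.
        return "requestfullscreen" in "".join(self._code).lower()


def audit(html):
    parser = SpeechInputAudit()
    parser.feed(html)
    parser.close()
    return {"speech_inputs": parser.findings, "fullscreen": parser.uses_fullscreen()}


# Constructed sample page, for illustration only.
SAMPLE = """<html><body>
<input type="text" name="q">
<input -X-Webkit-Speech="" />
<script>document.documentElement.webkitRequestFullScreen();</script>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A page that reports both a speech input and a full-screen call matches the combination shown in the demonstration and deserves a manual look.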
