The Inquirer-Home

Hackers could target Chrome users' webcams, security experts warn

Criminals could access users' webcams and mics through the Getusermedia API
Tue Jul 10 2012, 15:37
Add features to Google Chrome

SOFTWARE DEVELOPER Google has announced a beta version of its Chrome web browser in a blog post today, but experts have already warned of security threats it might cause for users.

The Chrome Beta release grants web apps access to users' web cams and microphones without a plugin through the Getusermedia application programming interface (API) - a method that allows users to interact with HTML5 applications through video and audio devices.

"The Getusermedia API also allows sites to create cool new experiences that weren't previously possible in the browser. For example, Romuald Quantin and Magnus Dahlstrand at Stinkdigital have created a Magic Xylophone that you can play just by waving your hands in front of the camera," the blog post read.

However, the director of security research and communication at Trend Micro, Rik Ferguson warned that Getusermedia will be attractive to criminals.

"We have already seen both banking malware and of course targeted threats that make use of the video hardware of the victim through the installation of malware," he said.

"The criminal simply has to make a JavaScript that requests access to the video and/or audio hardware."

"Getusermedia does not rely on a local file being created and subsequently uploaded, but instead allows the broadcast of a live stream of audio or video, directly through a web page which increases the security concern."

F-Secure security advisor Sean Sullivan also highlighted the risks in the Chrome Beta release.

"I'm not as worried about 'hacking' as I am things such as click-jacking. Webcam and voice controls must be clicked to enable," he said.

"One other nagging thought I've had is to wonder if Google is being very careful with the back end code. Imagine if you were to use voice search but somehow... the mic failed to stop recording and collected too much information - à la Google Street View."

Regardless of the cautionary warnings, Google said that Getusermedia is "the first big step for WebRTC", a new real-time communications standard that aims to allow high-quality video and audio communication on the web.

Google's Chrome Beta release also brings improvements in Google Cloud Print so that printers are integrated into Chrome's print dialog.

"This will allow easier printing to Cloud Ready printers, Google Drive, Chrome on your mobile device, or even FedEx Offices," Google added. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015