Shazam for Mac leaves the mic on after the app is turned off (updated)
The company has an update in the works, but it says the action helps improve performance.
Shazam brought its music-searching chops to the Mac over two years ago, but former NSA hacker and Mac security guru Patrick Wardle revealed this week that the app has a big flaw. With the version of the app for Apple desktops, the software keeps a computer's microphone on after it a user turns it off. That's right, the microphone on a Mac was still hot even after Shazam performed its duties and users flipped the switch. The company says it isn't recording or saving anything, processing your conversations or storing what it overhears on its servers.
According to Shazam's vice president of global communications James Pearson, this is a feature and not a bug. If you'll recall, the always on nature of the app was touted during its announcement, a tool that would continue to run the company's identification methods in the background if you allowed it to do so. However, even with the software is specifically toggled "off," the mic is still on. Shazam only does this inside the Mac app, so if you're using it elsewhere, other versions don't work the same way.
"If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio," Person explained to Motherboard. He went on to say that if the microphone wasn't on, the user experience would suffer, causing users to "miss out" on whatever song they wanted to get more info on.
So, what if a hacker wanted to get their hands on the data that would allow them to listen in from your Mac? Well, Shazam claims that can't happen. The company's chief product officer Fabio Santini told CNET that the method the app uses to identify songs uses "fingerprints" or pieces of the audio that are then matched to other "fingerprints" in its database.
"Those points can't be reverse-engineered to reconstruct original audio," Santini said.
Never say never, Shazam. In response to this week's revelation, the company plans to "address" the issue in an upcoming update which will be released "within the next few days." Again, Shazam says that there's no risk to users with the app's current configuration. Wardle argues that a piece of malware could be engineered to pull audio from a Mac's microphone without having to turn it on.
Continue Reading at Engadget;
No comments