Automatic speech recognition and voice identification systems are being deployed in a wide array of applications, from providing control mechanisms to devices lacking traditional interfaces, to the automatic transcription of conversations and authentication of users. Many of these applications have significant security and privacy considerations. We develop attacks that force mistranscription and misidentification in state of the art systems, with minimal impact on human comprehension. Processing pipelines for modern systems are comprised of signal preprocessing and feature extraction steps, whose output is fed to a machine-learned model. Prior work has focused on the models, using white-box knowledge to tailor model-specific attacks. We focus on the pipeline stages before the models, which (unlike the models) are quite similar across systems. As such, our attacks are black-box and transferable, and demonstrably achieve mistranscription and misidentification rates as high as 100% by modifying only a few frames of audio. We perform a study via Amazon Mechanical Turk demonstrating that there is no statistically significant difference between human perception of regular and perturbed audio. Our findings suggest that models may learn aspects of speech that are generally not perceived by human subjects, but that are crucial for model accuracy. We also find that certain English language phonemes (in particular, vowels) are significantly more susceptible to our attack. We show that the attacks are effective when mounted over cellular networks, where signals are subject to degradation due to transcoding, jitter, and packet loss.
The growth in numbers and capacity of mobile devices such as mobile phones coupled with widespread availability of inexpensive range of services presents an unprecedented opportunity for mobile health care applications. Blood donation and transfusion service is one of the most complex management systems in health sector. Quality management of a Blood Transfusion Services (BTS) starts with safe blood donor recruitment (BDR) and donor care. In the South-East Asia Region (SEAR) almost all countries except Thailand depend heavily on replacement of blood from relatives and friends. In this paper, we present location-aware mobile phone based blood donor recruitment, information retrieval and management system that aims at ensuring the quality of the blood and increasing the efficiency of operation management. Here an attempt has been made to leverage the ubiquity and power of the standard mobile phone as a lifesaving mobile health care application, delivering more user convenience.
Privacy laws and app stores (e.g., Google Play Store) require mobile apps to have transparent privacy policies to disclose sensitive actions and data collection, such as accessing the phonebook, camera, storage, GPS, and microphone. However, many mobile apps do not accurately disclose their sensitive data access that requires sensitive ('dangerous') permissions. Thus, analyzing discrepancies between apps' permissions and privacy policies facilitates the identification of compliance issues upon which privacy regulators and marketplace operators can act. This paper proposes PermPress -an automated machine-learning system to evaluate an Android app's permission-completeness, i.e., whether its privacy policy matches its dangerous permissions. PermPress combines machine learning techniques with human annotation of privacy policies to establish whether app policies contain permission-relevant information. PermPress leverages MPP-270, an annotated policy corpus, for establishing a gold standard dataset of permission completeness. This corpus shows that only 31% of apps disclose all dangerous permissions in privacy policies. By leveraging the annotated dataset and machine learning techniques, PermPress achieves an AUC score of 0.92 in predicting the permission-completeness of apps. A large-scale evaluation of 164, 156 Android apps shows that, on average, 7% of apps do not disclose more than half of their declared dangerous permissions in privacy policies, whereas 60% of apps omit to disclose at least one dangerous permission-related data collection in privacy policies. This paper's investigation uncovers the non-transparent state of app privacy policies and highlights the need to standardize app privacy policies' compliance and completeness checking process.
This paper presents the design and the results of a cross-cultural study of user perceptions and attitudes toward electronic payment methods. We conduct a series of semi-structured interviews involving forty participants (20 in London, UK, and 20 in Manhattan, KS, USA) to explore how individuals use the mechanisms available to them within their routine payment and banking activities. We also study their comprehension of payment processes, the perceived effort and impact of using different methods, as well as direct or indirect recollections of (suspected or actual) fraud and related interactions with banks and retailers. By comparing UK and US participants, we also elicit commonalities and differences that may help better understand, if not predict, attitudes of US customers once technologies like Chip-and-PIN are rolled out-for instance, several US participants were confused by how to use it, while UK participants found it convenient. Our results show that purchasing habits as well as the availability of rewards schemes are primary criteria influencing choices relating to payment technologies, and that inconsistencies, glitches, and other difficulties with newer technologies generate frustration sometimes leading to complete avoidance of new payment methods. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.