Can Humans Detect Malicious Always-Listening Assistants? A Framework for Crowdsourcing Test Drives-Reference-Cited by-同舟云学术

Can Humans Detect Malicious Always-Listening Assistants? A Framework for Crowdsourcing Test Drives

Published:2022-11-07 Issue:CSCW2 Volume:6 Page:1-28
ISSN:2573-0142
Container-title:Proceedings of the ACM on Human-Computer Interaction
language:en
Short-container-title:Proc. ACM Hum.-Comput. Interact.

Author:

Malkin Nathan¹,Wagner David¹,Egelman Serge²

Affiliation:

1. University of California, Berkeley, Berkeley, CA, USA

2. University of California, Berkeley, USA & International Computer Science Institute, Berkeley, CA, USA

Abstract

As intelligent voice assistants become more widespread and the scope of their listening increases, they become attractive targets for attackers. In the future, a malicious actor could train voice assistants to listen to audio outside their purview, creating a threat to users' privacy and security. How can this misbehavior be detected? Due to the ambiguities of natural language, people may need to work in conjunction with algorithms to determine whether a given conversation should be heard. To investigate how accurately humans can perform this task, we developed a framework for people to conduct "Test Drives" of always-listening services: after submitting sample conversations, users receive instant feedback about whether these would have been captured. Leveraging a Wizard of Oz interface, we conducted a study with 200 participants to determine whether they could detect one of four types of attacks on three different services. We studied the behavior of individuals, as well as groups working collaboratively, and investigated the effects of task framing on performance. We found that individuals were able to successfully detect malicious apps at varying rates (7.5% to 75%), depending on the type of malicious attack, and that groups were highly successful when considered collectively. Our results suggest that the Test Drive framework can be an effective tool for studying user behaviors and concerns, as well as a potentially welcome addition to voice assistant app stores, where it could decrease privacy concerns surrounding always-listening services.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Human-Computer Interaction,Social Sciences (miscellaneous)

Link

https://dl.acm.org/doi/pdf/10.1145/3555613

Reference71 articles.

1. Noura Abdi , Kopo M. Ramokapane , and Jose M. Such . 2019. More than Smart Speakers : Security and Privacy Perceptions of Smart Home Personal Assistants . In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019 ). USENIX Association. https://www.usenix.org/conference/soups 2019 /presentation/abdi Noura Abdi, Kopo M. Ramokapane, and Jose M. Such. 2019. More than Smart Speakers : Security and Privacy Perceptions of Smart Home Personal Assistants. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association. https://www.usenix.org/conference/soups2019/presentation/abdi

2. Rebecca Adaimi , Howard Yong , and Edison Thomaz . 2021 . Ok Google, What Am I Doing? Acoustic Activity Recognition Bounded by Conversational Assistant Interactions . Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. , Vol. 5 , 1, Article 2 (March 2021). https://doi.org/10.1145/3448090 10.1145/3448090 Rebecca Adaimi, Howard Yong, and Edison Thomaz. 2021. Ok Google, What Am I Doing? Acoustic Activity Recognition Bounded by Conversational Assistant Interactions. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. , Vol. 5, 1, Article 2 (March 2021). https://doi.org/10.1145/3448090

3. ProtectMyPrivacy

4. Amazon. [n. d.]. Alexa Simulator. https://developer.amazon.com/en-US/docs/alexa/devconsole/alexa-simulator.html Amazon. [n. d.]. Alexa Simulator. https://developer.amazon.com/en-US/docs/alexa/devconsole/alexa-simulator.html

5. Music, Search, and IoT