56 research outputs found
Digital Deception: Generative Artificial Intelligence in Social Engineering and Phishing
The advancement of Artificial Intelligence (AI) and Machine Learning (ML) has
profound implications for both the utility and security of our digital
interactions. This paper investigates the transformative role of Generative AI
in Social Engineering (SE) attacks. We conduct a systematic review of social
engineering and AI capabilities and use a theory of social engineering to
identify three pillars where Generative AI amplifies the impact of SE attacks:
Realistic Content Creation, Advanced Targeting and Personalization, and
Automated Attack Infrastructure. We integrate these elements into a conceptual
model designed to investigate the complex nature of AI-driven SE attacks - the
Generative AI Social Engineering Framework. We further explore human
implications and potential countermeasures to mitigate these risks. Our study
aims to foster a deeper understanding of the risks, human implications, and
countermeasures associated with this emerging paradigm, thereby contributing to
a more secure and trustworthy human-computer interaction. Comment: Submitted to CHI 202
Useful shortcuts: Using design heuristics for consent and permission in smart home devices
Prior research in smart home privacy highlights significant issues with how users understand, permit, and consent to data use. Some of the underlying issues point to unclear data protection regulations, lack of design principles, and dark patterns. In this paper, we explore heuristics (also called “mental shortcuts” or “rules of thumb”) as a means to address security and privacy design challenges in smart homes. First, we systematically analyze an existing body of data on smart homes to derive a set of heuristics for the design of consent and permission. Second, we apply these heuristics in four participatory co-design workshops (n = 14) and report on their use. Third, we analyze the use of the heuristics through thematic analysis highlighting heuristic application, purpose, and effectiveness in successful and unsuccessful design outcomes. We conclude with a discussion of the wider challenges, opportunities, and future work for improving design practices for consent in smart homes
“It becomes more of an abstract idea, this privacy” - Informing the design for communal privacy experiences in smart homes
In spite of research recognizing the home as a shared space and privacy as inherently social, privacy in smart homes has mainly been researched from an individual angle. Sometimes contrasting and comparing perspectives of multiple individuals, research has rarely focused on how household members might use devices communally to achieve common privacy goals. An investigation of communal use of smart home devices and its relationship with privacy in the home is lacking. The paper presents a grounded analysis based on a synergistic relationship between an ethnomethodologically-informed (EM-informed) study and a grounded theory (GT) approach. The study focuses on household members’ interactions to show that household members’ ability to coordinate the everyday use of their devices depends on appropriate conceptualizations of roles, rules, and privacy that are fundamentally different from those embodied by off-the-shelf products. Privacy is rarely an explicit, actionable, and practical consideration among household members, but rather a consideration wrapped up in everyday concerns. Roles and rules are not used to create social order, but to account for it. To sensitize to this everyday perspective and to reconcile privacy as wrapped up in everyday concerns with the design of smart home systems, the paper presents the social organization of communal use as a descriptive framework. The framework is descriptive in capturing how households navigate the “murky waters” of communal use in practice, where prior research highlighted seemingly irreconcilable differences in interest, attitude, and aptitude between multiple individuals and with other stakeholders. Discussing how households’ use of roles, rules, and privacy in-practice differed from what off-the-shelf products afforded, the framework highlights critical challenges and opportunities for the design of communal privacy experiences
Security should be there by default: Investigating how journalists perceive and respond to risks from the Internet of Things
Journalists have long been the targets of both physical and cyber-attacks from well-resourced adversaries. Internet of Things (IoT) devices are arguably a new avenue of threat towards journalists through both targeted and generalised cyber-physical exploitation. This study comprises three parts: First, we interviewed 11 journalists and surveyed 5 further journalists, to determine the extent to which journalists perceive threats through the IoT, particularly via consumer IoT devices. Second, we surveyed 34 cyber security experts to establish if and how lay-people can combat IoT threats. Third, we compared these findings to assess journalists' knowledge of threats, and whether their protective mechanisms would be effective against experts' depictions and predictions of IoT threats. Our results indicate that journalists generally are unaware of IoT-related risks and are not adequately protecting themselves; this considers cases where they possess IoT devices, or where they enter IoT-enabled environments (e.g., at work or home). Expert recommendations spanned both immediate and long-term mitigation methods, including practical actions that are technical and socio-political in nature. However, all proposed individual mitigation methods are likely to be short-term solutions, with 26 of 34 (76.5%) of cyber security experts responding that within the next five years it will not be possible for the public to opt-out of interaction with the IoT
Further Exploring Communal Technology Use in Smart Homes: Social Expectations
Device use in smart homes is becoming increasingly communal, requiring
cohabitants to navigate a complex social and technological context. In this
paper, we report findings from an exploratory survey grounded in our prior work
on communal technology use in the home [4]. The findings highlight the
importance of considering qualities of social relationships and technology in
understanding expectations and intentions of communal technology use. We
propose a design perspective of social expectations, and we suggest existing
designs can be expanded using already available information such as location,
and considering additional information, such as levels of trust and
reliability. Comment: to appear in CHI '20 Extended Abstracts, April 25-30, 2020,
Honolulu, HI, US
Context-Sensitive Requirements and Risk Management with IRIS
Many systems are not designed for their contexts of operation. Subtle changes to context may lead to an increase in severity and likelihood of vulnerabilities and threats. The IRIS framework integrates the notion of context into requirements and risk management, by means of an integrated meta-model, design method, and software prototype. By applying this framework, requirements and risk analysis can be better situated for system contexts of operation