
Twit

Twit submitted by /u/Fried_Chicken_ASMR to r/facepalm

Emotion Recognition Tech Should Be Banned, Says an AI Research Institute

An anonymous reader quotes a report from the BBC: A leading research centre has called for new laws to restrict the use of emotion-detecting tech. The AI Now Institute says the field is "built on markedly shaky foundations." Despite this, systems are on sale to help vet job seekers, test criminal suspects for signs of deception, and set insurance prices. It wants such software to be banned from use in important decisions that affect people's lives and/or determine their access to opportunities. The US-based body has found support in the UK from the founder of a company developing its own emotional-response technologies -- but it cautioned that any restrictions would need to be nuanced enough not to hamper all work being done in the area. AI Now refers to the technology by its formal name, affect recognition, in its annual report. It says the sector is undergoing a period of significant growth and could already be worth as much as $20 billion.

"It claims to read, if you will, our inner-emotional states by interpreting the micro-expressions on our face, the tone of our voice or even the way that we walk," explained co-founder Prof Kate Crawford. "It's being used everywhere, from how do you hire the perfect employee through to assessing patient pain, through to tracking which students seem to be paying attention in class.

"At the same time as these technologies are being rolled out, large numbers of studies are showing that there is... no substantial evidence that people have this consistent relationship between the emotion that you are feeling and the way that your face looks."

"Prof Crawford suggested that part of the problem was that some firms were basing their software on the work of Paul Ekman, a psychologist who proposed in the 1960s that there were only six basic emotions expressed via facial emotions," reports the BBC. "But, she added, subsequent studies had demonstrated there was far greater variability, both in terms of the number of emotional states and the way that people expressed them."

Read more of this story at Slashdot.


Google AI Chief Jeff Dean on Machine Learning Trends To Watch in 2020

In a wide-ranging interview with VentureBeat, Google AI chief Jeff Dean has discussed the company's early work on the use of ML to create semiconductors for machine learning, the impact of Google's BERT on conversational AI, and machine learning trends to watch in 2020. An excerpt from the interview where Dean talks about some of the trends one could expect to emerge, or milestones he thinks might be surpassed in 2020 in AI: I think we'll see much more multitask learning and multimodal learning, of sort of larger scales than has been previously tackled. I think that'll be pretty interesting. And I think there's going to be a continued trend to getting more interesting on-device models -- or sort of consumer devices, like phones or whatever -- to work more effectively. I think obviously AI-related principles-related work is going to be important. We're a big enough research organization that we actually have lots of different thrusts we're doing, so it's hard to call out just one. But I think in general [we'll be] progressing the state of the art, doing basic fundamental research to advance our capabilities in lots of important areas we're looking at, like NLP or language models or vision or multimodal things. But also then collaborating with our colleagues and product teams to get some of the research that is ready for product application to allow them to build interesting features and products. And [we'll be] doing kind of new things that Google doesn't currently have products in but are sort of interesting applications of ML, like the chip design work we've been doing. Further reading: AI R&D is Booming, But General Intelligence is Still Out of Reach.

Read more of this story at Slashdot.


AI for Peace


This article was submitted in response to the call for ideas issued by the co-chairs of the National Security Commission on Artificial Intelligence, Eric Schmidt and Robert Work. It addresses the fourth question (part a.) which asks what international norms for artificial intelligence should the United States lead in developing, and whether it is possible to […]

The post AI for Peace appeared first on War on the Rocks.


AI R&D is Booming, But General Intelligence is Still Out of Reach

The AI world is booming in a range of metrics covering research, education, and technical achievements, according to the AI Index report -- an annual rundown of machine learning data points now in its third year. From a news writeup, which outlines some of the more interesting and pertinent points:

AI research is rocketing. Between 1998 and 2018, there's been a 300 percent increase in the publication of peer-reviewed papers on AI. Attendance at conferences has also surged; the biggest, NeurIPS, is expecting 13,500 attendees this year, up 800 percent from 2012.

AI education is equally popular. Enrollment in machine learning courses in universities and online continues to rise. Numbers are hard to summarize, but one good indicator is that AI is now the most popular specialization for computer science graduates in North America. Over 21 percent of CS PhDs choose to specialize in AI, which is more than double the second-most popular discipline: security / information assurance.

The US is still the global leader in AI by most metrics. Although China publishes more AI papers than any other nation, work produced in the US has a greater impact, with US authors cited 40 percent more than the global average. The US also puts the most money into private AI investment (a shade under $12 billion compared to China in second place globally with $6.8 billion) and files many more AI patents than any other country (with three times more than the number two nation, Japan).

AI algorithms are becoming faster and cheaper to train. Research means nothing unless it's accessible, so this data point is particularly welcome. The AI Index team noted that the time needed to train a machine vision algorithm on a popular dataset (ImageNet) fell from around three hours in October 2017 to just 88 seconds in July 2019. Costs also fell, from thousands of dollars to double-digit figures.

Self-driving cars received more private investment than any AI field. Just under 10 percent of global private investment went into autonomous vehicles, around $7.7 billion. That was followed by medical research and facial recognition (both attracting $4.7 billion), while the fastest-growing industrial AI fields were less flashy: robot process automation ($1 billion investment in 2018) and supply chain management (over $500 million).

Read more of this story at Slashdot.


IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)


Executive summary

As part of a recent IoT hacking training exercise, a number of Rapid7 penetration testers set out to identify vulnerabilities in a number of children's GPS-enabled smart watches under the guidance of IoT Research Lead Deral Heiland. Three different brands of watches were purchased from Amazon: Children's SmartWatch, G36 Children's Smartwatch, and SmarTurtles Kid's Smartwatch. During the investigation, it was determined that all three products shared nearly identical hardware and software, so all of the described findings affect all three watches.

While only one of these issues is a technical vulnerability—the lack of functional SMS filtering—two other issues were identified that were at least equally troubling: an undocumented default password used to associate with the devices, and a lack of transparency and communication with the retail vendors of these devices.

A lack of vendor visibility

Setting aside the technical issues for a moment, the most pressing and difficult issue to address seems to be the lack of information about the companies selling these devices and the lack of an avenue to contact them. For two of the devices, the vendors appear to exist solely as Amazon storefronts, and attempts to contact these vendors privately proved impossible. The third, SmarTurtles, does have an associated website, but there appears to be no mechanism to contact this vendor, nor is there a published privacy policy.

Consumers who are concerned with the safety, privacy, and security of their IoT devices and the associated cloud services are advised to avoid using any technology that is not provided by a clearly identifiable vendor, for what we hope are obvious reasons. The lack of a privacy policy is especially troubling in this age of CCPA and GDPR, and doubly so when it comes to technology marketed to parents of small children.

With that said, the rest of this blog post describes the products and the two remaining technical issues.

Product description

All three models of GPS watches use either SETracker or SETracker2 as the backend cloud service and mobile application for the iPhone and Android platforms. Both versions of SETracker are provided by the developer "wcr." The application indexing service AppBrain indicates that wcr is the developer account associated with 3G Elec, a Chinese company based in Shenzhen. As far as the hardware is concerned, all three devices appear to be white-label rebrands of 3G Elec's offering.

As noted above, none of the retail vendors were identifiable or contactable. While an email address was identified for 3G Elec, attempts to contact and discuss these issues were foiled by technical issues with that email address. The first attempt generated a bounce message indicating another email address as the correct contact, and that second address generated a bounce message indicating the storage limit for that address had been reached.

Findings

Aside from the communications issues described above, two technical issues were uncovered across the three GPS smart watches:

Finding 1: SMS filter bypass vulnerability

The products under test have an SMS-based interface to view and change configuration details by texting the watch directly with certain commands. The documentation states that only certain configured numbers may communicate with the watch, and those numbers are entered on a whitelist on the associated mobile app. However, in practice, this filter did not appear to be functional at all—unlisted numbers could also interact with the watch.

Incidentally, SMS filtering is a weak control even in the best of circumstances, as this originating phone number is trivially spoofable, and is therefore not recommended as a security control.

So, armed with the knowledge of a watch's assigned phone number and the configuration password (see Finding 2), unauthenticated attackers can read and write configuration details, up to and including pairing the watch with the attacker's own smartphone.

Finding 2: Undocumented default password

The watches have a default configuration password of "123456," and each of the three watches under test treats this information differently. One manual does not mention the password at all, another mentions it in a translated blog about the product (but not in the printed material), and a third neither characterizes the string as a password nor provides any instruction on how to change it.

Exploitation and mitigation

Given an unchanged default password and a lack of SMS filtering, it is possible that an attacker with knowledge of the smart watch phone number could assume total control of the device, and therefore use the tracking and voice chat functionality with the same permissions as the legitimate user (typically, a parent).

Unfortunately, there does not appear to be any mechanism to address the SMS filtering issue without a vendor-supplied firmware update, and such an update is unlikely to materialize given that the providers of these devices are difficult, if not impossible, to locate.

With this in mind, current users of these devices who wish to continue to use the device are urged to investigate how to update the SMS control password. Unfortunately, this process can be different per device, and the documentation can be difficult to locate.

Credit

These findings were discovered and reported by Shane Young, Carlota Bindner, Trevor O’Donnal, and Deral Heiland, all of Rapid7.

Disclosure timeline

  • November 2019: Initial findings documented
  • Tuesday, Nov. 19, 2019: First attempt at contacting 3G Elec, the upstream vendor
  • Wednesday, Dec. 11, 2019: Public disclosure (planned)
