Confidentiality
Typing with your voice? It goes without saying that you should take some precautions and avoid giving away your secrets.
January 3, 2024
•
,
4 minutes. read
Software that quickly and effortlessly converts spoken words into written text has been a boon to many of us. His abilities are useful in various situations; for example, they can save us from having to type our messages into chat apps, make it easier to take notes in meetings and interviews, and help people with disabilities.
On the other hand, the proliferation of AI-powered audio-to-text transcription software continues to raise security and privacy concerns – and for good reason. In this article, we’ll look at some key security considerations associated with these apps and recommend simple steps to mitigate potential risks.
Risks associated with audio transcription applications
Confidentiality
There are a number of dedicated apps and bots that offer automated audio-to-text transcription. Indeed, at least some of these features are also built into many devices and their operating systems, as well as popular chat and video conferencing apps.
The functionalities, which rely on voice recognition and machine learning algorithms, can be provided either by the company behind the application or, particularly where efficiency and speed are essential, by a third-party service. This last point in particular also raises many questions regarding data privacy.
Will audio be used to improve the algorithm? Will it be stored on servers, internal or third-party, when the content is processed? How is the transmission of this information secure, particularly in cases where audio processing is outsourced?
Meanwhile, manual transcription, carried out by humans, is clearly not without privacy risks either. This is particularly the case if the people transcribing the audio become aware of confidential information about individuals and/or if this information is shared with third-party processors without the users’ consent. For example, Facebook (now Meta) faced controversy in 2019 for paying hundreds of contractors to transcribe audio messages from certain users’ voice chats on Messenger.
Data collection and storage
Many apps of all kinds ask for permissions to access various information about the device or user, such as location, contacts, chats in messaging apps, whether they are there or not. need such permissions for their functionality. Collecting this information poses a risk if it is misused, shared with third parties without the user’s informed consent, or if it is not properly secured on the servers of the company storing it.
Audio transcription apps, for example, tend to collect audio files that often capture the words spoken not only by a person, but possibly also by those of their loved ones, friends, and colleagues. Ultimately, they can make them vulnerable to cyberattacks or privacy breaches.
Malicious applications
If you are looking for text-to-speech software, you should also be wary of scam apps or chatbots. Cybercriminals also follow the latest trends and given the increasing popularity of this software, they might launch fake applications to lure their victims with malware.
These malicious apps may be copycats of legitimate apps, making it difficult for users to separate the wheat from the chaff. Fake apps can be very successful in their malicious mission if you don’t check the legitimacy of the app or who is behind it, let alone review its privacy policy.
Cybercriminals have been spotted deploying impostors for popular utility programs such as file converters and readers, video editors, and keyboard apps. In fact, we have seen various malicious applications claiming to offer various functionalities, from PDF and QR code readers to language translators and image editors.
Information theft
Stolen audio and text files can be used as weapons for cyberattacks, including those involving audio fakes this can then be exploited for social engineering attacks or for the spread of fake news.
The process typically involves two steps: training the machine learning model and using the model itself. First, the model uses audio signal processing and natural language processing techniques to learn how words are pronounced and how sentences are structured. Once the model has been trained with enough data, it will be able to generate text from an audio file.
An attacker could use this model to manipulate stolen audio files and make victims say things they never said, including to blackmail, extort or pretend to be them in order to deceive their employers or loved ones. They could also pose as public figures to generate fake news.
Stay safe
Use verified service providers that follow regulations like GDPR and industry best practices, and purchase your apps from official mobile app stores. In other words, avoid unknown or unverified sources that could expose you to malicious impostors.
Review the privacy policies of service providers, paying particular attention to sections about whether your voice data is stored and shared with third parties, who has access to it, and whether it is encrypted during transmission and storage. Ask about their data retention policies, as well as whether any of your information is deleted upon request. Ideally, you would not use services that collect such data or whose data is not anonymized.
- Avoid sharing sensitive information
Avoid sharing confidential or sensitive information, including things like passwords or financial information, through text-to-speech software.
Keep all your software up to date with the latest security updates and patches. to avoid falling victim to attacks exploiting software vulnerabilities. To further strengthen your protection, use reputable, multi-layered security software.