Help Net Security recently reported that a computer scientist at the University of waterloo has discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries.
Voice authentication – which allows companies to verify the identity of their clients via a supposedly unique “voiceprint” – has increasingly been used in remote banking, call centers, and other security-critical scenarios.
“When enrolling in voice authentication, you are asked to repeat a certain phrase in your own voice. The system then extracts a unique vocal signature (voiceprint) from this provided phrase and stores it on a server,” said Andre Kassis, a Computer Security and Privacy Ph.D. candidate and the lead author of a study detailing the research.
Olabanji Soledayo, the ESET Nigeria and Ghana cybersecurity evangelist commented that “Voice cloning technology is rapidly increasing and the speed at which cybercriminals are adopting it will soon make voice passwords redundant. Although often used as a secondary layer of authentication along with device identification or a PIN code, voices can very easily be copied with clever AI and trip simple systems into thinking a threat actor is the account owner. This is particularly worrisome when connected to financial accounts, which often tend to offer this as a layer of multi-factor authentication. Therefore, it is advised to use alternative measures in place of voice authentication as this type of cloning is only going to continually improve. Other measures such as security keys and authenticator apps still remain safer. People should also be reminded to remain vigilant of voice notes from people they know requesting money, especially if the message comes from an unknown number or source.”