University of Waterloo computer scientists have discovered an attack method that can successfully bypass voice security systems control ταυτότητας με ποσοστό επιτυχίας έως και 99% μετά από μόλις έξι προσπάθειες, γράφει το Help Net Security.
Voice authentication – which allows companies to verify the identity of their customers through a supposedly unique “voice fingerprint” – is increasingly being used in remote banking, call centers and other security-critical scenarios.
“Κατά την enrollment στον φωνητικό έλεγχο ταυτότητας, σας ζητείται να επαναλάβετε μια συγκεκριμένη φράση με τη δική σας φωνή. Στη συνέχεια, το σύστημα εξάγει μια μοναδική φωνητική υπογραφή (φωνητικό αποτύπωμα) από αυτή την παρεχόμενη φράση και την αποθηκεύει σε έναν διακομιστή”, δήλωσε ο Andre Kassis, υποψήφιος διδάκτωρ Ασφάλειας Υπολογιστών και Ιδιωτικότητας και επικεφαλής συγγραφέας της μελέτης που περιγράφει λεπτομερώς την έρευνα.
The full article*: https://www.helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/
Comment from Jake Moore Global Cyber Security Consultant at ESET:
“Voice cloning technology is growing rapidly and the speed with which cybercriminals are adopting it will soon make voice passwords redundant. Although often used as an additional layer of authentication alongside device identification or a PIN, voice passwords can very easily be copied by clever AI and trick simple systems into thinking the perpetrator is the account owner . This is of particular concern when linked to financial accounts, which often tend to provide this capability as a layer of multi-factor authentication. factors. Therefore, it is recommended to use alternative measures instead of voice authentication, as this type of cloning will be continuously improved. Other measures, such as security keys and authentication applications, still remain more secure. Citizens should also be reminded to remain wary of voicemails from people they know asking for money, especially if the message is from an unknown number or source."
*Disclaimer: H ESET bears no responsibility for the accuracy of the information listed in the article.
