Computer scientists at the University of Waterloo have discovered an attack method that can successfully bypass voice authentication security systems with a success rate of up to 99% after just six attempts, writes Help Net Security.
Voice authentication – which allows companies to verify the identity of their customers through a supposedly unique “voice fingerprint” – is increasingly being used in remote banking, call centers and other security-critical scenarios.
“When registering for voice authentication, you are asked to repeat a certain phrase in your own voice. The system then extracts a unique voice signature (voiceprint) from this supplied phrase and stores it on a server," said Andre Kassis, PhD candidate in Computer Security and Privacy and lead author of the study detailing the research.
The full article*: https://www.helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/
Comment from Jake Moore Global Cyber Security Consultant at ESET:
“Voice cloning technology is growing rapidly and the speed with which cybercriminals are adopting it will soon make voice passwords redundant. Although often used as an additional layer of authentication alongside device identification or a PIN, voice passwords can very easily be copied by clever AI and trick simple systems into thinking the perpetrator is the account owner . This is particularly concerning when connected to financial accounts, which often tend to provide this capability as a layer of multi-factor authentication. Therefore, it is recommended to use alternative measures instead of voice authentication, as this type of cloning will be continuously improved. Other measures, such as security keys and authentication applications, still remain more secure. Citizens should also be reminded to remain wary of voicemails from people they know asking for money, especially if the message is from an unknown number or source."
*Disclaimer: H ESET bears no responsibility for the accuracy of the information listed in the article.