Voice authentication systems (used as “voice auth” systems in the rest of the article) are becoming increasingly popular as a secure way to verify a person’s identity. However, a new study by computer scientists at the Univ. of Waterloo has revealed that these systems may not be as secure as we once thought. Attackers can break voice these systems with up to 99% success within six tries, according to the study. In this article, we will explore the details of the study and what it means for the future of voice auth.
What is Voice Auth.?
Voice auth. is a biometric security measure that uses a person’s voice to verify their identity. It works by analyzing the unique traits of a person’s voice, such as pitch, tone, and accent, to create a voice print. This print is then compared to a stored voice print to determine if the person is who they claim to be.
Andre Kassis, a Computer Security and Privacy PhD student and the lead author of the study said…
“When enrolling in voice auth., you are asked to repeat a certain phrase in your own voice. The system then extracts a unique vocal signature (voiceprint) from this provided phrase and stores it on a server … “For future auth. attempts, you are asked to repeat a different phrase and the features extracted from it are compared to the voice print you have saved in the system to determine whether access should be granted.”
The Study
The study was conducted by computer scientists at the Univ. of Waterloo. The researchers developed a method that evades spoofing countermeasures and can fool most voice auth. systems within six tries. The method involves generating adversarial audio samples that are designed to fool the voice auth. system.
The researchers tested their method on 18 commercial voice auth. systems and found that they were able to bypass all of them with a success rate of up to 99% within six tries. The systems tested included those used by banks, credit card brands, and voice assistants. They also did a test against Amazon Connet voice auth. system. The result shows a 10% success rate in 4 seconds attack. However, in less than 30 seconds, the success rate rose to 40% and after six attempts, it hit 99%.
Implications for voice auth.
The results of the study have huge implications for the future of voice auth. The study shows that voice auth. systems are exposed to attack and may not be as secure as we once thought. Attackers can use the method developed by the researchers to bypass voice auth. systems with a high success rate.
The study also highlights the need for better security measures to protect against voice auth. attacks. The researchers suggest that voice auth. systems should use more robust anti – spoofing measures to prevent attackers from generating adversarial audio samples.
Pindrop has similar results
The scientists at the Univ. of Waterloo are not the only ones to have conducted such research. A research team at Pindrop did a similar study and the results are not very far from the claims stated above. Pindrop is an IT security company that specializes in voice auth. and security. While the Univ. of Waterloo looked at bypassing the voice auth. system itself, the Pindrop study looked at the weakness of knowledge – based questions which voice auth. systems use.Â
The study analyzed data from over 500 million calls to contact centres in the United States and Europe. It found that hackers were able to pass knowledge – based authentication questions 92 per cent of the time. This means that hackers were able to answer questions such as “What is your mother’s maiden name?” correctly 92 per cent of the time. This is a concerning finding, as knowledge – based authentication questions are commonly used in voice auth. systems.
Risks of Voice Auth.
The study’s findings highlight the risks of voice auth. Fraudsters are becoming increasingly sophisticated in their methods, and they are using data breaches, smishing attacks, and generative AI to exploit weaknesses in contact centres and IVRs. This also means that voice auth systems need to be constantly updated and improved to stay ahead of fraudsters.
Benefits of Voice Authentication
Despite the risks, voice auth. has many benefits. It is an easy and secure way to verify a person’s identity. Voice auth. is also more secure than regular authentication methods such as passwords and PINs, which can be easily hacked or stolen.
Best Practices for Voice Authentication
To ensure the safety of voice auths., it is important to follow best practices. Here are some best practices for voice auth:
- Combine call metadata, device and behaviour analysis, and risk intelligence to securely authenticate callers without their voice.
- Use number validation to simplify the authentication process and reduce the risk of fraud.
- Require secure passwords and authentication.
- Apply sound security practices when developing new products.
- Store sensitive personal information securely and protect it during transmission.
- Insist that appropriate security standard are part of your contracts.
Final Words
Voice auth. is becoming increasingly popular as a secure way to verify a person’s identity. However, a new study by computer scientists at the University of Waterloo has shown that these systems may not be as secure as we once thought. Attackers can break voice auth. with up to 99% success within six tries, according to the study.
The study highlights the need for better security measures to protect against voice auth. attacks. Voice auth. systems should incorporate more robust anti – spoofing measures to prevent attackers from generating adversarial audio samples. As voice auth. becomes more prevalent, it is essential to ensure that these systems are secure and reliable.
This system is a convenient and secure way to verify a person’s identity. However, the risks of voice auth. cannot be ignored. Fraudsters are becoming increasingly sophisticated in their methods, and they are using data breaches, smishing attacks, and generative AI to exploit weaknesses in contact centres and IVRs. Also, to ensure the safety of voice auth., it is important to follow best practices and stay ahead of fraudsters.
