University of Waterloo computer scientists have discovered an attack method that can bypass security systems using voice authentication with a 99% success rate after just six tries.
The information was disclosed by the Help Net Security information site. Voice authentication, which allows businesses to verify the identity of their customers using a supposedly unique voiceprint, is increasingly used in remote banking services, call centers and other security-critical scenarios. “When registering for voice authentication, you are asked to repeat a certain phrase in your own voice. The system then extracts a unique voice signature (voiceprint) of this sentence and stores it on a server”, explains André Kassis, doctoral student in computer security and privacy and lead author of a study detailing the research.
Voice passwords soon to be obsolete
Reacting to the results of this study, Benoît Grunemwald, Cybersecurity expert at ESET France, points out that “voice cloning technology is developing rapidly, and the speed at which cybercriminals are adopting it will soon make voice passwords obsolete. Although it is often used as an additional layer of authentication, in conjunction with device ID or PIN, the voice can very easily be copied using artificial intelligence and fool simple systems. This is particularly concerning when it comes to financial accounts, which often tend to offer this layer of multi-factor authentication. Other measures such as security keys and authenticator apps are more secure. »
