How secure are voice authentication systems?
According to Waterloo researchers, hackers are able to crack voice authentication with a 99% success rate, within six attempts
Researchers at the University of Waterloo have made a worrying discovery in the field of computer security. They have developed an attack method that manages to evade voice authentication security systems with a success rate of up to 99% after just six attempts. Voice authentication is increasingly being used by businesses in online banking, call centers and other security-critical environments. It consists of verifying the identity of customers through a presumably unique “voiceprint”.. When you subscribe to this type of authentication, you are asked to repeat a phrase with your voice. The system then extracts a unique voice signature from this sentence and stores it on a server. Subsequently, when attempting authentication, you are prompted to repeat a different phrase and the extracted speech characteristics are compared to the saved voice print to determine if access should be granted. Unfortunately, bad actors quickly realized that it is possible to use the so-called ” deepfake “, a software based on machine learning, to generate convincing copies of a person’s voice using even just a few minutes of audio recording. To counter this threat, the developers have introduced “spoofing countermeasures ” that are able to distinguish between a human voice and one generated by software.
The test tests
However, researchers at the University of Waterloo have developed a method that manages to bypass these spoofing countermeasures and can fool most voice authentication systems. The Waterloo computer scientists have managed to identify the markers in deepfake audio (which reveals that the audio was artificially generated by a computer) and have created a program that removes these markers, making the audio indistinguishable from the real one. In a test conducted on Amazon Connect’s voice authentication system, the researchers achieved a 10% success rate in a four-second attack, which soared over 40% in less than thirty seconds. With less sophisticated voice authentication systems, they’ve even managed to achieve a 99% success rate within six attempts.lacking and that the only way to create a secure system is to think like a hacker. His supervisor, Professor Urs Hengartner, adds that the implementation of additional or more robust authentication measures should be considered for companies that rely on voice authentication as the sole authentication factor. This discovery raises important questions about the security of voice authentication systems and underlines the need to continue to develop new solutions and improve current countermeasures to protect customers’ personal and financial information.