The results of a new study demonstrate the fragility of using voice as an authentication method. Its researchers question the security of these modern systems and urge users to rethink their trust in them, in light of the real threat that attackers will circumvent these measures to gain access to their most valuable resources.
Voice authentication systems are becoming increasingly popular as a secure way to verify a person’s identity. I myself use them as the necessary requirement to make immediate transfers in my bank’s application. However, a new study by computer scientists at the University of Waterloo has revealed that these identification systems may not be as secure as we think. Attackers can crack the voice of these systems with up to 99% success in as few as six attempts.
Fool voice identifier
The study was conducted by computer scientists at the University of Waterloo in Canada. The researchers developed a method that evades spoofing countermeasures and can fool most voice authentication systems within the first six attempts. The method consists of generating antagonistic audio samples that are designed to fool voice authentication. system.
The researchers tested their method on 18 commercial voice authenticators and found that they were able to bypass all of them with a success rate of up to 99% in six attempts. Systems tested included those used by banks, credit card brands, and voice assistants. They also tested against Amazon Connect voice authentication. The result shows a 10% success rate on a 4 second attack. However, in less than 30 seconds, the success rate jumped to 40% and after six attempts, it reached 99%.
not secure authentication
The results of the study have huge implications for the future of voice authentication. The study shows that these systems are vulnerable to attacks and may not be as secure as one might think. Attackers can use the method developed by the researchers or a similar one to bypass voice authentication. systems with a high success rate.
The study also highlights the need for better security measures to protect against voice authentication attacks. The researchers suggest that these identification systems should use stronger anti-spoofing measures to prevent attackers from generating adversarial audio samples.
Scientists at the Univ. of Waterloo are not the only ones to have done this kind of research. A research team from cybersecurity firm Pindrop conducted a similar study, and the results aren’t too far off from the claims mentioned above. This pindrop studio analyzed the weakness of knowledge-based questions used by voice authentication systems.
The study analyzed data from more than 500 million calls to contact centers in the United States and Europe. It found that hackers could pass knowledge-based authentication questions 92 percent of the time. This means that the hackers were able to answer questions like “What is your mother’s maiden name?” correctly 92 percent of the time. This is an equally worrying finding, as knowledge-based authentication questions are commonly used in voice authentication systems.
