Security alert: Voice impersonators can trick voice recognition systems, according to research

Friday, December 15, 2017 by

Voice security systems are becoming increasingly common as authentication and security features. Part of this growing usage are the efforts to develop new protective techniques. So far, scientists have been able to keep voice security systems from being fooled by enterprising individuals armed with voice conversion and speech synthesis technology. As a new study has demonstrated, however, human-produced voice modifications can easily bypass those countermeasures.

With the aid of speakers and professional impersonators, a team of researchers from the University of Eastern Finland was more than capable of fooling voice recognition systems. The impersonators, who copied eight Finnish public figures, were able to fool state-of-the-art voice recognition systems and a panel of listeners.

The speakers, on the other hand, were tasked with reciting acted speech over the course of two recording sessions. The researchers asked the speakers to disguise their voices to fake their age, first to sound like an old person, then to sound like a child. They discovered that raising the pitch of one’s voice to sound just like a child was more than enough to deceive automatic speaker verification systems and listeners. (Related: Same company that manufactures “Smart” TVs that spy on you now rolling out refrigerators that record everything you say)

Remarking on the vulnerabilities of voice security technology, Aeriandi co-founder and chief product officer Tom Harwood said to V3.co.uk: “Biometrics technology has been shown to significantly reduce fraud, especially in the financial sector — but it’s not the whole solution. Technology advances have also shown that it is now possible to cheat voice recognition systems.

“Voice synthesizer technology is a great example. It makes it possible to take an audio recording and alter it to include words and phrases the original speaker never spoke, thus making voice biometric authentication insecure.”

The case of Dan and Joe Simmons

Harwood cited an example involving an experiment that BBC Click reporter Dan Simmons and his non-identical twin brother, Joe Simmons, have conducted. As reported by TheGuardian.com, Joe Simmons was able to fool HSBC’s voice recognition ID system and gain access to his brother’s account. The system, according to the report, requires users to say “my voice is my password” into the microphone. This statement is then matched up with an original recording of the account owner’s voice.

It took Joe Simmons seven attempts before he successfully mimicked his brother’s voice and was allowed access. And while Joe Simmons wasn’t given an opportunity to withdraw money, he was still permitted to view recent transactions and balances. Moreover, he was even offered the option to transfer Dan Simmons’ money to another account.

“What’s really alarming is that the bank allowed me seven attempts to mimic my brother’s voiceprint and get it wrong, before I got in at the eighth time of trying,” Joe Simmons told TheGuardian.com.

Following this, HSBC has stated that it will implement a three-attempts-only measure in their voice ID system. Furthermore, an official for the bank has criticized the experiment, commenting: “This is not how fraudsters work. This was a twin sitting with his brother. He would just as likely know other security data such as mother’s maiden name, pet’s name, and so on. In a real situation you would not have a fraudster sitting next to you. If he or she tried recording your voice saying ‘my voice is my password’ it would not work either, as the system is able to detect synthetic voice characteristics.”

Regardless, the study from Finland and the Simmons’ experiment has shown that voice recognition technology still has a long way to go before it’s completely foolproof. Anyone who has become reliant on this should ease off a little, just for the time being.

Keep up to date on the latest technology by visiting Inventions.news today.

Sources include:

UEF.fi

V3.co.uk

TheGuardian.com



Comments

comments powered by Disqus