By now, you’ve probably seen a deepfake video or two come across your social media feed (hey, that deepfake Tom Cruise is pretty convincing). Did you know that deepfake audio is even easier to mimic?Â
To show how flawed voice authentication can be, computer scientists figured out a way to fool the technology in just six tries. Keep reading to learn more about how they did it and how to safeguard yourself.
Voice authentication 101
Voice authentication technology is primarily used by companies that must verify their customers’ identities. Verification with a customer’s unique “voiceprint” is standard practice in banking, call centers, and other institutions where keeping your info private is a major concern.
When you first enroll in voice authentication, you’re typically asked to repeat a specific phrase in your own voice. The company’s system then generates a custom vocal signature, or voiceprint, from whichever phrase you provided. Your voiceprint is then stored on a secure server.Â
Once your voiceprint is saved, it’s used in the future when you contact the company. You’re usually asked to repeat a different phrase than the one you initially gave, which is then digitally compared to your saved voiceprint in the system. If everything matches up, you’ll pass the test and gain access to your information.
Of course, hackers weren’t born yesterday. They got to work as soon as companies began implementing voiceprint technology on a large scale. Through AI machine-learning “deepfake” software, the bad guys figured out a way to copy voiceprints and skate through security measures.
To stop the deepfakes, voice authentication developers put “spoofing countermeasures” in place. Although they’re designed to tell a human voice from a robot one, the protection often falls short.
Who’s voice is it anyway?
Researchers at the University of Waterloo decided to play hacker for a day and attempted to crack their code. First, they pinpointed the characteristics of deepfake audio that reveal it as computer generated. They then wrote a program that removes these giveaway features, making it virtually the same as authentic human audio.
The hacker-like tech they developed was so good that it could fool most voice authentication systems. The systems with less-than-sophisticated technology were busted in just six attempts 99% of the time.
The researchers also tested it against Amazon Connect’s voice authentication system. They achieved a 10% success rate within four seconds. The success rate jumped to 40% in attempts of 30 seconds or less.
Safe and sound
Are you worried about the safety of using your voice as a password? If a company provides the option, choose to use an authentication system that requires both a PIN and a password. Multi-factor authentication systems offer additional protection and make it tougher on hackers.
Even though biometric safety measures like voice authentication can be safer than more manual options like passwords, they still have a ways to go. Until companies can put better tech in place to make voice authentication safer, it’s up to you to decide how much of a risk you’re willing to take.Â
Are you having an issue with your TV or smartphone? Head here to learn all about tech support scams and how to avoid them.