An attack method that can break through the voice authentication system by almost 100% in 6 attempts is discovered
An attack method has been discovered that can break through a voice authentication security system that uses '
Breaking Security-Critical Voice Authentication
https://doi.ieeecomputersociety.org/10.1109/SP46215.2023.00139
Attackers can break voice authentication with up to 99% success within six tries: Study
The voice recognition system extracts a unique voiceprint from the user's voice, stores it on the server, asks the user to repeat another phrase on future authentication attempts, and compares it with the stored voiceprint to see if it matches. doing.
According to Andre Cassis of the University of Waterloo, such voice authentication systems can be easily broken through with software that creates 'deep fakes'. A malicious attacker can create a ``fake voice'' that breaks authentication from a recording of only about 5 minutes.
Systems often have safeguards in place to thwart such machine voice spoofing. Therefore, Mr. Cassis and his colleagues studied the means used as countermeasures against spoofing, and investigated how the anti-spoofing system can distinguish machine voices. We identified a 'marker' that anti-spoofing systems give only to machine voices, and created a program to remove this marker.
In a test conducted by Cassis et al. on
``The introduction of a voice authentication system is clearly better than not strengthening security at all, but it has a fatal flaw in the spoofing countermeasures of the voice authentication system,'' Cassis said. Co-researcher Urs Hengartner said, ``By demonstrating the low security of voice authentication systems, companies that use voice authentication as the only authentication factor can consider introducing stronger authentication methods. I hope it will be like that,” he added.
Related Posts:
in Security, Posted by log1p_kr