Computer scientists at the University of Waterloo have developed a new technique that can fool voice authentication systems with up to a 99% success rate after only six tries.
The research, “Breaking Security-Critical Voice Authentication,” by Andre Kassis and Urs Hengartner, was published in the proceedings of the 44th IEEE Symposium on Security and Privacy.
The approach works by finding the markers in deepfake audio that indicate it is made by a computer and then building a software that eliminates these indicators, rendering it indistinguishable from actual audio.
In their work, the researchers employed a collection of 107 speakers’ voice samples to increase their understanding of true human-like speech patterns. They were successful in fooling authentication systems 72% of the time by creating multiple bogus samples. After repeated attempts against less robust systems, their success rate exceeded 99%, demonstrating the potential for malicious use of voice authentication.
The researchers put their method to the test against a number of voice authentication technologies, including Amazon Connect. In one four-second attack on Amazon Connect, they obtained a 10% success rate, which increased to more than 40% in less than 30 seconds. They achieved a 99% success rate after six attempts with some of the less sophisticated voice authentication systems they targeted.
According to the researchers, their findings underscore the importance of updating voice authentication systems with new spoofing defenses. They also advise businesses that rely solely on voice authentication to consider implementing additional or stronger authentication mechanisms.
The sources for this piece include articles in TheRegister and TechXplore.