IBM researchers uncover AI voice hijacking vulnerability in phone calls

Share post:

In a new study, IBM researchers have unveiled a method that could fundamentally alter the security landscape of voice communications. Dubbed “audio-jacking,” this technique leverages generative AI tools to hijack ongoing voice calls, posing a significant threat to financial institutions and other entities that rely on phone conversations for identity verification.

The essence of this threat lies in the ability of scammers to use low-cost AI tools to mimic an individual’s voice, allowing them to intervene in live conversations to divert funds or obtain sensitive information. The researchers detailed how this method could be employed by first compromising a victim’s phone with malware or intercepting voice calls through a wireless service. The attackers then use AI to scan conversations for specific keywords like “bank account,” substituting the victim’s spoken information with that of the attacker’s, all in the cloned voice of the victim.

Chenta Lee, IBM Security’s chief architect of threat intelligence, emphasized the breadth of potential misuse, extending beyond financial fraud to altering medical records or influencing stock market transactions. The sophistication of this attack method is underscored by the fact that attackers can clone a voice with as little as three seconds of recorded speech.

Despite the alarming potential, IBM’s experiments also highlighted limitations, such as delays in the AI-generated responses and the varying quality of voice clones. Nonetheless, the advent of such technology signals a new era in cyber threats, making traditional voice verification methods increasingly vulnerable.

To combat this, the report suggests vigilance during phone calls, recommending that individuals paraphrase and repeat statements to confirm their accuracy, a strategy aimed at outmaneuvering the AI’s current limitations in understanding conversational nuances.

As generative AI continues to evolve, this report serves as a critical reminder of the need for advanced security measures and awareness to safeguard against increasingly sophisticated cyber threats.

Sources include: Axios

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

OpenAI claims New York Times manipulated ChatGPT “fabricate data”

OpenAI has challenged the New York Times' copyright lawsuit, asserting the newspaper manipulated ChatGPT to fabricate evidence. The...

Wendy’s leverages digital tech to test “surge pricing”

Wendy's is set to experiment with Uber-like surge pricing, a concept referred to as "dynamic pricing," starting in...

Meta is gathering data on Quest virtual reality users

Meta's latest policy update reveals plans to start collecting "anonymized" data from its Quest headset users, intensifying concerns...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways