Way back in September 2014 Yuval Ben-Itzhak, chief technology officer at the anti-virus company AVG, has carried out several experiments which revealed the new techniques hackers might use to gain control of voice-controlled devices. In an interview with Forbes magazine, he even made these comments about devices with voice recognition capability:
“Microphones should be disabled immediately and our current recommendation is that the user switch off features [involving voice commands]… At the moment, leaving biometric technology as it is today is like leaving a computer without a password and just allowing anyone to walk by, click and take an action.” Scaring, isn’t it?
He also added that a “thief outside the door” could take control of gadgets such as smart televisions or laptops from outside a target’s home, potentially burgling them without even smashing a window. Even more scaring.
Voice as a password.
Voice Biometrics is essentially a voice signature, allowing customers to “speak on the dotted line”.Voice Biometrics software identifies a person through their unique voiceprint. In the same way that everyone has a unique fingerprint or retina, voice biometrics technology is used to identify a person through their voice patterns. To put it simply, because of its unique nature, voice can serve as a password, facilitating authentication processes and decreasing the risk of fraud for both organisations and their customers.
Though it looks “simple” and wonderful it seems that there is a consensus in thinking that the vulnerability of technology which uses voice commands is likely to become an important issue in the coming years, as smartwatches and connected home devices grow in popularity and the technology becomes commonplace.
The latest reminder regarding the potential weaknesses of voice recognition technology was published yesterday by the International Business Time in a very informative and graphic article explaining that hackers could steal our voice to access our bank account:
The University of Alabama at Birmingham, US discovered they were able to penetrate automated and human voice verification systems by capturing speech and using a simple, off-the-shelf, voice-morphing tool. The study highlights how it could be used for access to bank accounts, identity theft or even to damage somebody’s reputation. It also uncovers how vulnerable we are to leaving our information around without us knowing. “People often leave traces of their voices in many different scenarios. They may talk out loud while socialising in restaurants, giving public presentations or making phone calls, or leave voice samples online,” said Nitesh Saxena, the director of the Security and Privacy In Emerging computing and networking Systems (SPIES) lab and associate professor of computer and information sciences at UAB.
In a previous post I worried because major banks such as Barclays, Royal Bank of Scotland, HSBC, Lloyd Bank and Santander had been attacked by hackers who sent 19,000 malicious emails in three days from spam servers worldwide, inviting users to download an archive containing a malicious .exe file. Now it seems that, with “voice theft” security is still a number one issue, bright future for security and cyber security companies!