A Good Mimic Can Bypass Voice Recognition Authentication, Research Suggests
Voice recognition authentication may be a lot quicker and easier than logging on to IT systems using more traditional passwords, but researchers are suggesting the technology could be easily bypassed through basic trickery.
As noted by TechRepublic, users are increasingly speaking, rather than typing, their credentials to gain access to applications on a network. Through a combination of behaviorial and physiological biometrics, voice recognition is already available in cloud-based products such as Microsoft Azure and the iPhone X. However, imitating a particular person’s tone may be all it takes for cybercriminals to break in.
Compromising Voice Recognition Authentication
Last spring, BBC reported a story in which a reporter had his fraternal twin brother break into his bank account with HSBC using voice recognition authentication. Although the financial services firm deployed the technology in 2016 and used dozens of different variables to identify unique vocal patterns, mimicking the user’s voice allowed his brother to see account histories and make transfers. HSBC has since said it will look further into how it secures online services.
Although biometrics may have once seemed like an unusual security tool, a recent study from Visa revealed that consumers are increasingly in favor of login options that don’t involve a token or password. TechTarget predicted that technologies like voice recognition authentication will ultimately emerge as the preferred security method based on their simplicity. However, it’s this same ease of use that makes these features vulnerable to cybercriminals.
Enhancing Biometric Security
Opus Research suggested that there are some measures that could make voice recognition authentication more difficult to compromise. This includes systems that would play back vocal commands more carefully to detect impostors, as well as technologies that ensure what’s being heard by a system is a live person rather than a recording.
The more immediate solution is to approach biometrics in a multimodal fashion. Much like two-factor authentication that includes a token and a password, it could benefit users to pair their voice with a second credential. As advanced as the technology is becoming, computers still need to ensure we are who are say we are.