January 3, 2018 By Shane Schick 2 min read

Voice recognition authentication may be a lot quicker and easier than logging on to IT systems using more traditional passwords, but researchers are suggesting the technology could be easily bypassed through basic trickery.

As noted by TechRepublic, users are increasingly speaking, rather than typing, their credentials to gain access to applications on a network. Through a combination of behaviorial and physiological biometrics, voice recognition is already available in cloud-based products such as Microsoft Azure and the iPhone X. However, imitating a particular person’s tone may be all it takes for cybercriminals to break in.

Compromising Voice Recognition Authentication

Last spring, BBC reported a story in which a reporter had his fraternal twin brother break into his bank account with HSBC using voice recognition authentication. Although the financial services firm deployed the technology in 2016 and used dozens of different variables to identify unique vocal patterns, mimicking the user’s voice allowed his brother to see account histories and make transfers. HSBC has since said it will look further into how it secures online services.

Although biometrics may have once seemed like an unusual security tool, a recent study from Visa revealed that consumers are increasingly in favor of login options that don’t involve a token or password. TechTarget predicted that technologies like voice recognition authentication will ultimately emerge as the preferred security method based on their simplicity. However, it’s this same ease of use that makes these features vulnerable to cybercriminals.

Enhancing Biometric Security

Opus Research suggested that there are some measures that could make voice recognition authentication more difficult to compromise. This includes systems that would play back vocal commands more carefully to detect impostors, as well as technologies that ensure what’s being heard by a system is a live person rather than a recording.

The more immediate solution is to approach biometrics in a multimodal fashion. Much like two-factor authentication that includes a token and a password, it could benefit users to pair their voice with a second credential. As advanced as the technology is becoming, computers still need to ensure we are who are say we are.

More from

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today