Security software designed to prevent bank fraud has been fooled by a BBC reporter and his twin. BBC Click reporter Dan Simmons set up an HSBC account and signed up to the bank's voice ID authentication service.
HSBC says the system is secure because each person's voice is "unique". But the bank let Dan Simmons' non-identical twin, Joe, access the account via the telephone after he mimicked his brother's voice. The bank said it would "review" ways to make the ID system more sensitive following the BBC investigation.
[...] Although the breach did not allow Joe Simmons to withdraw money, he was able to access balances and recent transactions, and was offered the chance to transfer money between accounts.
In research presented at the 2015 European Symposium on Research in Computer Security, University of Alabama at Birmingham (UAB) researchers have found that automated and human verification for voice-based user authentication systems are vulnerable to voice impersonation attacks. Nitesh Saxena, Ph.D., is the director of the Security and Privacy In Emerging computing and networking Systems (SPIES) lab and associate professor of computer and information sciences at UAB.
The researchers were able to fool automated systems 80%-90% of the time, and humans about 50% of the time. They warn that computer hardware and voice imitation software continue to improve while the human ability to distinguish real from imitation likely will not.
Using an off-the-shelf voice-morphing tool, the researchers developed a voice impersonation attack to attempt to penetrate automated and human verification systems.
[...] Advances in technology, specifically those that automate speech synthesis such as voice morphing, allow an attacker to build a very close model of a victim's voice from a limited number of samples. Voice morphing can be used to transform the attacker's voice to speak any arbitrary message in the victim's voice.
[...] Voice biometrics is based on the assumption that each person has a unique voice that depends not only on his or her physiological features of vocal cords but also on his or her entire body shape, and on the way sound is formed and articulated.
(Score: 0) by Anonymous Coward on Saturday May 20, @10:57PM
SCOTT: Run it through analyser. Question. Is it or is it not the Captain's voice?
COMPUTER: Negative. A close copy.
SCOTT: A voice duplicator?
COMPUTER: Ninety eight percent probability.
(Score: 2) by takyon on Saturday May 20, @11:00PM (1 child)
This is worse for those with evil twins.
(Score: 0) by Anonymous Coward on Saturday May 20, @11:06PM
I know. right? Evil twins could land one high paying job working 80 hours a week and split the work between them and only work 40 hours a week. Think of the employment fraud!!
(Score: 2) by Moru on Saturday May 20, @11:13PM (1 child)
What happens when they have adjusted it to be more sensitive? Will no one get access to their bank account any more? :-)
(Score: 0) by Anonymous Coward on Saturday May 20, @11:20PM
Voice recognition is not the reason you won't get any money. You won't get any money after you train your African replacement and you are laid off.
