How hackers are now targeting your voice and how to protect yourself

How hackers are now targeting your voice and how to protect yourself

Unmasking the deepfake threat to voice authentication

by Robert Puente

In today’s digital chorus, your voice is the newest solo. It’s not just for singing in the shower or whispering sweet nothings anymore. No, it’s now your unique password, your very own vocal barcode. However, just as we’re crooning over the idea of voice authentication, hackers are hitting a high note, mastering the art of mimicking it.

 

The science behind voice authentication

When enrolling in voice authentication, you are asked to repeat a specific phrase in your own voice. Think of it as your vocal passport. You repeat a phrase, and the system pulls a unique “voiceprint” from it and stores it. Next time you try to access it, you repeat a different phrase, and the system checks it against your stored voiceprint. If it’s a match, you’re in.

a lock on a screen

MORE: ARE YOU READY FOR AI VOICE CLONING ON YOUR PHONE 

 

How hackers use deepfake software to create fake voices

As voiceprints became more prevalent, hackers realized they could leverage machine learning-enabled deepfake software to generate convincing copies of a victim’s voice using minimal recorded audio. Now, what’s a deepfake, you ask? It’s essentially a digital doppelgänger, an artificial intelligence that can mimic voices or faces with unsettling accuracy. In the case of audio deepfakes, the software studies the nuances, pitch, inflections, and rhythm of a voice sample. Then it generates a voice that’s eerily similar to the original. Yes, we’re talking about ventriloquist’s dummies coming to life here, parroting back voices in a way that can fool not only human ears but also the latest voice authentication systems. In response to these vocal imposters, developers strummed a counter-beat: they devised “spoofing countermeasures” to distinguish the authentic voices from the mimics, the human from the machine-made.

 

Voice authentication systems vulnerable to deepfake audio attacks

However, researchers at the University of Waterloo have found a way around these countermeasures. They’ve figured out how to make the deepfake audio sound so real that it can fool most voice authentication systems. In a recent test against Amazon Connect’s voice authentication system, they managed a 10% success rate within four seconds, jumping to over 40% in less than 30 seconds. For less advanced systems, they achieved a whopping 99% success rate after only six attempts.

hooded person using a computer

MORE: MOVE OVER SIRI – APPLE’S NEW AUDIOBOOK AI VOICE SOUNDS LIKE A HUMAN

 

How to prevent cyber crooks from stealing your vocal identity

Not all is lost in this symphony of cyber shenanigans, though. There are ways to ensure your vocal solo isn’t stolen and used in a hacker’s remix. Let’s conduct a deeper dive into these safety measures, your very own cybersecurity vocal warmup:

  •  Be aware of voice replay or voice cloning: One way fraudsters can carry out voice authentication fraud is through voice replay attack or voice cloning, where they record a person’s voice during a phone conversation and then use it to authenticate themselves as that person in a subsequent call.
  • Be cautious when sharing personal information: It’s important to be cautious when sharing personal information, including your voice, and to only share it with trusted sources. If you’re enrolling in voice authentication, make sure you’re doing so with a reputable company or organization.
  • Be wary when answering phone calls from unknown numbers or people: Be cautious when answering phone calls from unknown numbers or people, as they could be recording the call. Additionally, be wary of unsolicited requests for personal information or verification codes, as these can be signs of a scam.
  • Enable two-factor authentication whenever possible: Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
  • Strengthen your passwords: Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. One of the best password managers out there is 1Password. With no known security breaches or vulnerabilities, 1Password is a solid option as a paid password manager. It utilizes a well-designed interface, which features core components that are expected from premium, paid password managers. At the time of publishing, it starts at $2.99 a month, billed annually, for a total of $35.88/year, and you can save more with a family option which includes 5 family members for $60/year Get more details about my best expert-reviewed Password Managers of 2024 here.
  • Keep your software up to date: Regularly update your operating system, antivirus software, web browsers, and other applications to ensure you have the latest security patches and protections.
  • Use secure networks: Your digital security is only as strong as your weakest link, and often, that’s the network you’re using. Make sure you use secure and trusted networks when using voice authentication. Your home Wi-Fi is your personal recording studio. At the same time, public networks are the equivalent of singing your password out on a crowded street. If you wouldn’t share your bank account details at a coffee shop, don’t share your voiceprint there.
  • Disable voice assistant when not in use: When you’re not using your voice assistant, switch it off or mute it. It’s like packing up your microphone after a concert—you wouldn’t leave it on for someone else to use, would you? If it’s not needed, power it down. You’ll save on battery life and keep snoopers at bay.
  • Invest in identity theft protection services: Identity theft protection companies monitor your personal information, such as your home title, Social Security Number (SSN), phone number, and email address for sale on the dark web or being used to open accounts. They can also assist in freezing your bank and credit card accounts. Some providers even offer identity theft insurance and a fraud resolution team to help with recovery. 
    • My top recommendation is Identity Guard. Identity Guard will monitor personal information like your Home title, Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
    • Special for CyberGuy Readers:  Save up to 51% with my top recommendation is Identity Guard. Read more of my review of best identity theft protection services here.

MORE: DON’T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP

 

Kurt’s key takeaways

In the grand orchestra of technology, each of us has a part to play in ensuring our own digital safety. Voice authentication, despite its potential vulnerabilities, is still a significant step forward in personal security technology. It’s a leap from the monotone hum of passwords to the vibrant symphony of unique voiceprints. However, as the researchers at the University of Waterloo remind us, no system is foolproof. We must stay vigilant, practice good cybersecurity hygiene, and remain aware of the latest tech trends.

Now that you know your voice can be your password, are you ready to sing the chorus of voice authentication, or would you stick to the old-school beat of typing passwords instead? Let’s hear your thoughts in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   

Leave a Comment

GET MY FREE CYBERGUY REPORT
Subscribe to receive my latest Tech news, security alerts, tips and deals newsletter. (We won't spam or share your email with anyone else.)

By signing up, you agree to our Terms of Service and Privacy Policy. You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder