November 29, 2017 -
Researchers at Florida State University have developed a way for smartphones to read user’s lip gestures with sonar, enabling the gestures to be used as a liveness detection system to thwart replay attacks.
The system, which the researchers call VoiceGesture, uses the phone’s speaker to transmit a high-frequency sound, which is reflected back to the microphone as the user says his or her password. It does not require and additional hardware, and can be integrated into existing smartphone operating systems and mobile apps to secure logins. Research into the system is published in a paper titled “Hearing Your Voice is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication” (PDF).
Using articulatory gestures to authenticate along with their voice avoids the risk of spoofing attacks carried out using samples audio and video from readily available sources like social media.
The research was carried out using the Samsung Note 5, Note 3, and Galaxy S5 smartphones.
“Our experimental evaluation with 21 participants and different types of phones shows that it achieves over 99% detection accuracy at around 1% Equal Error Rate (EER),” study authors Linghan Zhang, Sheng Tan, and Jie Yang write. “Results also show that it is robust to different phone placements and is able to work with different sampling frequencies.”
Yang told Digital Trends that Google is currently reviewing the technique, and the researchers plan to take it to other smartphone manufacturers, including Samsung and Huawei.
As previously reported, University of Michigan researchers recently announced the development of a technique to use wearables to mitigate voice authentication vulnerabilities.