FB pixel

PhD student uses deepfake to pass popular voice authentication and spoof detection system

PhD student uses deepfake to pass popular voice authentication and spoof detection system
 

University of Waterloo (UW) cybersecurity PhD student Andre Kassis published his findings after being granted access to an account protected with biometrics using deepfake AI-generated audio recordings. 

A hacker can create a deepfake voice with five minutes of the target’s recorded voice, which can be taken from public posts on social media, the research shows. GitHub’s open source AI software can create deepfake audio that can surpass voice authentication.

He used the deepfake to expose a weakness in the Amazon Connect voice authentication system, a UW release reveals. Four-second attacks on Connect had a 10 percent success rate, and attacks closer to 30 seconds were successful 40 percent of the time.

In response, the company added biometric anti-spoofing software that could find digital markers on a voice recording, revealing if it was made by a machine or human. This worked until Kassis used free software to remove the digital markers from his deepfakes.

His method can bypass less sophisticated voice biometric authentication systems with a 99 percent success rate after six tries, according to the announcement.

“Our attack,” says Kassis in his journal article, “targets common points of failure that all spoofing countermeasures share, making it real-time, model-agnostic, and completely blackbox without the need to interact with the target to craft the attack samples.” The countermeasures use easily identifiable and forgeable cues to differentiate between spoofed and authentic audio.

Professor Urs Hengartner, a computer science professor who is Kassis’ supervisor and report co-author, said that “by demonstrating the insecurity of voice authentication, we hope that companies relying on voice authentication as their only authentication factor will consider deploying additional or stronger authentication measures.”

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Harmonized digital driving license in EU approved as part of driving reform package

The EU is getting closer to a harmonized mobile driver’s license (mDL) with the approval of a provisional deal on…

 

DARPA taps Aptima to bring media forensics to market amid deepfake surge

The Defense Advanced Research Projects Agency (DARPA) has awarded a commercialization contract to Aptima, Inc. that marks a critical inflection…

 

Parsons secures sole source deal to equip U.S. Air Force with biometric kits

The U.S. Air Force Air has issued a notice of intent to award a sole-source contract to Parsons Corporation for…

 

Gov.uk Wallet ‘empowering the market,’ says Kyle, in big win for OSPs

After a tense few weeks, the UK government has released the working principles for the Gov.uk Wallet plan that has…

 

Biometrics integrations, identity intelligence improve financial services onboarding

Major integrations for Fourthline and BioCatch are expanding the reach of their biometric user onboarding and KYC technologies, as financial…

 

Pakistan introduces digital birth, death registration in health facilities

Pakistan has taken a decisive move to streamline birth and death registration by digitizing the process and making services available…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events