FB pixel

PhD student uses deepfake to pass popular voice authentication and spoof detection system

PhD student uses deepfake to pass popular voice authentication and spoof detection system

University of Waterloo (UW) cybersecurity PhD student Andre Kassis published his findings after being granted access to an account protected with biometrics using deepfake AI-generated audio recordings. 

A hacker can create a deepfake voice with five minutes of the target’s recorded voice, which can be taken from public posts on social media, the research shows. GitHub’s open source AI software can create deepfake audio that can surpass voice authentication.

He used the deepfake to expose a weakness in the Amazon Connect voice authentication system, a UW release reveals. Four-second attacks on Connect had a 10 percent success rate, and attacks closer to 30 seconds were successful 40 percent of the time.

In response, the company added biometric anti-spoofing software that could find digital markers on a voice recording, revealing if it was made by a machine or human. This worked until Kassis used free software to remove the digital markers from his deepfakes.

His method can bypass less sophisticated voice biometric authentication systems with a 99 percent success rate after six tries, according to the announcement.

“Our attack,” says Kassis in his journal article, “targets common points of failure that all spoofing countermeasures share, making it real-time, model-agnostic, and completely blackbox without the need to interact with the target to craft the attack samples.” The countermeasures use easily identifiable and forgeable cues to differentiate between spoofed and authentic audio.

Professor Urs Hengartner, a computer science professor who is Kassis’ supervisor and report co-author, said that “by demonstrating the insecurity of voice authentication, we hope that companies relying on voice authentication as their only authentication factor will consider deploying additional or stronger authentication measures.”

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


Cameroon bishops urge massive participation in ongoing biometric voter registration

Catholic bishops under the banner of the National Episcopal Conference of Cameroon (NECC) have launched a fervent appeal to all…


Nigerians decry duplicative biometric capture for SIM registration, ID cards, SIM-NIN linkage…

The distress of Nigerians over repeated episodes of biometric capture for different identification purposes has been highlighted by local outlet…


EY secures AU$10.7M to build Australia digital ID register after limited tender

EY, a big four consulting firm, has won a $10.7 million Australian (US$6.9 million) contract to build a digital ID…


As retailers turn to biometrics to reduce theft, costs of poor implementation loom

Demand for biometrics to reduce retail crime continues to rise, but the risk of flawed deployments of the technology are…


Socure announces faster biometric IDV, deepfake and synthetic identity fraud detection

Identity verification provider Socure has announced the launch of its next generation DocV, now including enhanced deepfake selfie biometrics detection…


Rights groups criticize EU AI Act for inadequate protections against potential abuse

The EU’s AI Act is done, and no one is happy. Having been adopted by the European Parliament in March…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events