FB pixel

Researchers reveal PVC pipe spoof threat to voice biometrics

Researchers reveal PVC pipe spoof threat to voice biometrics
 

Digital security engineers at the University of Wisconsin-Madison have discovered a weakness in automatic speaker identification systems that can be exploited using PVC pipes readily available at most hardware stores according to the UW-Madison news.

The team, led by Ph.D. student Shimaa Ahmed and Kassem Fawaz, a professor of electrical and computer engineering, presented their findings last week at the USENIX Security Symposium in Anaheim, California. “The systems are advertised now as secure as a fingerprint, but that’s not very accurate,” says Ahmed. “All of those are susceptible to attacks on speaker identification. The attack we developed is very cheap; just get a tube from the hardware store and change your voice.”

The risks posed to voice biometrics by analog security holes could be far-reaching. Ahmed points out that many commercial companies already sell the technology, with financial institutions among their early customers. The technology is also used for AI-supported personal assistants like Apple’s Siri.

Ahmed led a team that conducted an experiment to assess whether altering the resonance of a voice could deceive a voice biometrics system. Ph.D. student Yash Wani was asked to help modify PVC pipes at the UW Makerspace to assist them in their project. Adjusting the length and diameter of pipes purchased from a nearby hardware store, the team replicated the same resonance as the voice they sought to imitate.

Eventually, the team created an algorithm that can determine the PVC pipe dimensions necessary to transform the resonance of nearly any voice to imitate another. In a test set of 91 voices, the researchers successfully deceived security systems with the PVC tube attack 60 percent of the time, while unaltered human impersonators only succeeded six percent of the time.

The success of the spoof attack can be attributed to a couple of key factors. First, because the sound is analog, it easily circumvents the digital attack filters of the voice authentication system. Second, the tube doesn’t replicate the voice precisely; it solely mimics the resonance of the target voice. This level of mimicry is sufficient to confound the machine-learning algorithm, resulting in the misidentification of the attacking voice.

According to Fawaz, the project aims to inform the security community that voice identification is less secure than commonly believed. He states, “Generally, all machine-learning applications that are analyzing speech signals make an assumption that the voice is coming from a speaker, through the air to a microphone. But you shouldn’t make assumptions that the voice is what you expect it to be. There are all sorts of potential transformations in the physical world to that speech signal. If that breaks the assumptions underlying the system, then the system will misbehave.”

A new digital attack on voice authentication was also presented by a researcher last month.

iProov CEO Andrew Bud argues in a recent interview with Biometric Update that inclusive voice biometrics over a telephone have an inherent upper limit to their security against spoofs.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

New FaceTec CLO among avalanche of appointments in biometrics and fraud protection

New executives have been named by biometrics providers FaceTec, Pindrop and Fingerprint Cards, along with C-level appointments by Prove and…

 

Indonesia issues call for World Bank-backed digital identification project

Indonesia is looking for a company providing consulting services as a part of its upcoming digital transformation project backed by…

 

Affinidi data sharing framework leverages privacy-preserving open standards

Affinidi, a company specializing in data and identity management, unveiled the Affinidi Iota framework at the WeAreDevelopers World Congress. This…

 

Sri Lanka set for January biometric passport launch, plans airport upgrades

Sri Lanka is preparing to begin issuing biometric passports with electronic chips embedded as of January, 2025, according to a…

 

Vending machines with biometric age verification roll out in Germany, US

Vending machines are growing in popularity as a way to sell age-restricted products around the world, with Diebold Nixdorf algorithms…

 

San Francisco police hit with lawsuit over facial recognition use

In 2019, San Francisco became the first city in the U.S. to ban facial recognition technology, forcing the police and…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events