Researchers reveal PVC pipe spoof threat to voice biometrics


Digital security engineers at the University of Wisconsin-Madison have discovered a weakness in automatic speaker identification systems that can be exploited using PVC pipes readily available at most hardware stores, according to UW-Madison news.

The team, led by Ph.D. student Shimaa Ahmed and Kassem Fawaz, a professor of electrical and computer engineering, presented their findings last week at the USENIX Security Symposium in Anaheim, California. “The systems are advertised now as secure as a fingerprint, but that’s not very accurate,” says Ahmed. “All of those are susceptible to attacks on speaker identification. The attack we developed is very cheap; just get a tube from the hardware store and change your voice.”

The risks posed to voice biometrics by analog security holes could be far-reaching. Ahmed points out that many commercial companies already sell the technology, with financial institutions among their early customers. The technology is also used for AI-supported personal assistants like Apple’s Siri.

Ahmed led a team that conducted an experiment to assess whether altering the resonance of a voice could deceive a voice biometrics system. Ph.D. student Yash Wani was asked to help modify PVC pipes at the UW Makerspace for the project. By adjusting the length and diameter of pipes purchased from a nearby hardware store, the team replicated the resonance of the voice they sought to imitate.

Eventually, the team created an algorithm that can determine the PVC pipe dimensions necessary to transform the resonance of nearly any voice to imitate another. In a test set of 91 voices, the researchers successfully deceived security systems with the PVC tube attack 60 percent of the time, while unaltered human impersonators only succeeded six percent of the time.

The success of the spoof attack can be attributed to a couple of key factors. First, because the sound is analog, it easily circumvents the digital attack filters of the voice authentication system. Second, the tube doesn’t replicate the voice precisely; it solely mimics the resonance of the target voice. This level of mimicry is sufficient to confound the machine-learning algorithm, resulting in the misidentification of the attacking voice.

According to Fawaz, the project aims to inform the security community that voice identification is less secure than commonly believed. He states, “Generally, all machine-learning applications that are analyzing speech signals make an assumption that the voice is coming from a speaker, through the air to a microphone. But you shouldn’t make assumptions that the voice is what you expect it to be. There are all sorts of potential transformations in the physical world to that speech signal. If that breaks the assumptions underlying the system, then the system will misbehave.”

A new digital attack on voice authentication was also presented by a researcher last month.

iProov CEO Andrew Bud argues in a recent interview with Biometric Update that inclusive voice biometrics over a telephone have an inherent upper limit to their security against spoofs.
