When Someone Else’s Voice is YOUR Bank Password

By Promotion | Updated 30 Jun 2017
When Someone Else’s Voice is YOUR Bank Password

The BBC recently reported how they fooled the a major bank’s voice recognition security system and were able to access another person’s accounts. In the simple example they showed in the video, a reporter setup an account with the financial institution as part of the test. The bank has been advertising that customer’s voices are unique and their Voice ID makes account access secure.   

advertisements

Well, it failed. The reporter’s brother was able to spoof his sibling's voice, without any need for technical modulation or recordings, and was granted access via the phone. 

https://www.youtube.com/watch?v=tWDoabeTAHM

Technology is just a tool. It can be used for good or malice. Even technology labeled ‘security’ can be undermined and leveraged in unexpected ways. We must know the limitations and be savvy when implementing security technology to reduce the risks.   

This is a good example of pushing security technology too far beyond its strengths. The result is usually a predictable failure. I suspect some security salesperson convinced a bank executive to adopt this technology, while showing them its effectiveness in pristine situations. But phone line sound quality varies, the health and activity of someone can change a voice, background noise, stress, and even age is a factor that must be compensated for. So, when such systems are deployed in the real world, they must be tuned for more flexibility, which makes it more vulnerable. This is true with many biometric identity authentication factors.   

advertisements

Voice recognition, given the fact it must compensate for all the variances in how the sounds might be modified, is not a strong factor in remote situations where recordings, AI systems, and other sound modulations could easily be applied. I think it has merit to be used as a second factor or a “weighted factor” that is taken into account for more sensitive transactions (password changes, large transfers/withdraws, etc.). But to use it as a primary means to identify and authenticate someone for general access to financial accounts is a bit reckless as proven by the video in the BBC piece.   

Understanding the nuances of security is a specialized skill. One that should be in demand more than ever. Technology must not only be innovative, but also applied in a way to maximize benefits and minimize the introduction of new weaknesses. 

advertisements

For more such intel IoT resources and tools from Intel, please visit the Intel® Developer Zone

Source: https://software.intel.com/en-us/blogs/2017/06/07/when-someone-elses-voice-is-your-bank-password

Promotion
advertisements
ASK DIGIT

Recent Questions

Can someone force you to visit Web sites against your will?
Hina
Sept 13, 2014
Responses 1
Vivek Bhatt
Sept 16, 2014
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements