back to article You may have heard about AI defeating voice authentication. This research kinda proves it

The rise of off-the-shelf AI tools that can clone human voices may force developers of voice authentication software to build an extra layer of security to detect whether an audio sample appears to be human or machine-generated. Voice authentication is commonly used by call centers, banks, government agencies, and so many …

  1. Pascal Monett Silver badge

    "need to have access to their target's voice"

    With all the audio data available from all sorts of sources on the Internet, that doesn't seem to be much of a barrier if you're seeking to spoof the voice of anyone who is known. Celebrities, politicians, major CEOs, all of them have their voice on publicly-available sources somewhere.

    Now, if you're targetting someone for specific reasons that is not a social media aficionado, it makes things a lot more complicated, especially if you do not know the person socially. You're going to have to find a way to meet the person, get the person talking and put your mobile phone down to record the conversation. That will mean cleaning up the recording afterwards, which is never an easy task.

    So, the basic question really is just how well recorded does the target's voice need to be ? Will a few dozen seconds in the street suffice, or do you need a few minutes of sound booth recording ?

    1. UCAP Silver badge

      Re: "need to have access to their target's voice"

      While I cannot say from first-hand knowledge, I suspect that the bigger the sample you have, the more accurately the AI system can reproduce it. A few seconds of sampling is unlikely to be enough since most (if not all) of us have idiosyncrasies in our speech patterns that tend to only come out with certain words (in my case, traces of a Canadian accent from when I lived there as a child, even though I came back to Blighty 50-odd years ago).

      1. katrinab Silver badge
        Black Helicopters

        Re: "need to have access to their target's voice"

        Sure, but if you were wanting to target say a politician, there's going to be plenty of material out there to sample.

      2. Potty Professor

        Re: "need to have access to their target's voice"

        Although I've never been anywhere near Australia, any recording of my voice appears to have a strong Aussie accent :-(

    2. 42656e4d203239 Silver badge

      Re: "need to have access to their target's voice"

      >>just how well recorded does the target's voice need to be

      Not particularly well. Phone calls have very restricted bandwidth by design (though, recently, you can get 'high resolution' calling if both ends suport it)

    3. Hans Neeson-Bumpsadese Silver badge

      Re: "need to have access to their target's voice"

      So, the basic question really is just how well recorded does the target's voice need to be ?

      I suspect the answer is 'not very'.

      I've always been a bit dubious of the security of voice recognition. I've successfully passed voice recognition for my bank with a variety of cold symptoms, irritation, shouting over background noise, etc. without any problems. If it can authenticate me based on such variance in inputs, then I've long suspected that it could authenticate a nefarious source of my voice.

  2. Anonymous Coward
    Anonymous Coward

    If you are serious in this field, you participate in the biannual Automatic Speaker Verification and Spoofing Countermeasures Challenge (ASV spoof):


    I am very wary about claims of breaking systems in your own lab on your own terms. I want to see it against real systems in a challenge.

    1. Michael Wojcik Silver badge

      Yes, but remember the commonplace wisdom that attacks only get better. In the long run, voice recognition systems will fail under a number of plausible use cases. Like other biometrics they're simply not very good authenticators. (Whether anything is a good authenticator is still an open question. Even defining authentication can get sticky.)

  3. Kane

    My Voice is my Password...

    ...Verify Me

    1. Anonymous Coward
      Anonymous Coward

      Re: My Voice is my Password...

      That movie is the reason I've never trusted voice recognition....

    2. Flocke Kroes Silver badge


      Why didn't the system authenticate the tape played at double speed?

  4. Flocke Kroes Silver badge

    On the plus side

    According to Noah Vosen it is far better to have your voice recorded than lose a hand or an eye.

  5. ComputerSays_noAbsolutelyNo Silver badge

    Automation giveth, and automation taketh away

    ... my 2 cents

  6. Simian Surprise

    A "secure" system identifying me based solely on my voice isn't something I'd trust with any amount of my data, let alone anything a hacker would care to get their hands on.

    So as I see it, this is similar to the technique of lifting someone's fingerprints from a surface and using them to bypass a fingerprint scanner: not easy but doable with the right knowledge, effort, and a bit of luck... and then you can try guessing the password and such, maybe get your hands on my phone for 1TP.

  7. Claptrap314 Silver badge

    "Who you are"

    has NEVER been a viable auth strategy. Any bio measure has got to be lossy, so unless you are sampling a LOT of data, neither uniqueness nor security is likely to be very good. And that--only until the data is somehow leaked, at which the main problem arises: bio data is effectively unchangeable.

    I guess if your business model is to sell systems to people who don't really understand the limits of the technology, this can be a thing. I don't understand how any of these systems ever survives a serious technical review.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like