You may have heard about AI defeating voice authentication. This research kinda proves it The rise of off-the-shelf AI tools that can clone human voices may force developers of voice authentication software to build an extra layer of security to detect whether an audio sample appears to be human or machine-generated. Voice authentication is commonly used by call centers, banks, government agencies, and so many …
With all the audio data available from all sorts of sources on the Internet, that doesn't seem to be much of a barrier if you're seeking to spoof the voice of anyone who is known. Celebrities, politicians, major CEOs, all of them have their voice on publicly-available sources somewhere.
Now, if you're targetting someone for specific reasons that is not a social media aficionado, it makes things a lot more complicated, especially if you do not know the person socially. You're going to have to find a way to meet the person, get the person talking and put your mobile phone down to record the conversation. That will mean cleaning up the recording afterwards, which is never an easy task.
So, the basic question really is just how well recorded does the target's voice need to be ? Will a few dozen seconds in the street suffice, or do you need a few minutes of sound booth recording ?
While I cannot say from first-hand knowledge, I suspect that the bigger the sample you have, the more accurately the AI system can reproduce it. A few seconds of sampling is unlikely to be enough since most (if not all) of us have idiosyncrasies in our speech patterns that tend to only come out with certain words (in my case, traces of a Canadian accent from when I lived there as a child, even though I came back to Blighty 50-odd years ago).
So, the basic question really is just how well recorded does the target's voice need to be ?
I suspect the answer is 'not very'.
I've always been a bit dubious of the security of voice recognition. I've successfully passed voice recognition for my bank with a variety of cold symptoms, irritation, shouting over background noise, etc. without any problems. If it can authenticate me based on such variance in inputs, then I've long suspected that it could authenticate a nefarious source of my voice.
If you are serious in this field, you participate in the biannual Automatic Speaker Verification and Spoofing Countermeasures Challenge (ASV spoof):
'https://www.asvspoof.org/
I am very wary about claims of breaking systems in your own lab on your own terms. I want to see it against real systems in a challenge.
Yes, but remember the commonplace wisdom that attacks only get better. In the long run, voice recognition systems will fail under a number of plausible use cases. Like other biometrics they're simply not very good authenticators. (Whether anything is a good authenticator is still an open question. Even defining authentication can get sticky.)
A "secure" system identifying me based solely on my voice isn't something I'd trust with any amount of my data, let alone anything a hacker would care to get their hands on.
So as I see it, this is similar to the technique of lifting someone's fingerprints from a surface and using them to bypass a fingerprint scanner: not easy but doable with the right knowledge, effort, and a bit of luck... and then you can try guessing the password and such, maybe get your hands on my phone for 1TP.
has NEVER been a viable auth strategy. Any bio measure has got to be lossy, so unless you are sampling a LOT of data, neither uniqueness nor security is likely to be very good. And that--only until the data is somehow leaked, at which the main problem arises: bio data is effectively unchangeable.
I guess if your business model is to sell systems to people who don't really understand the limits of the technology, this can be a thing. I don't understand how any of these systems ever survives a serious technical review.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
