How secure are voice authentication systems really?

Attackers can break voice authentication with up to 99 per cent success within six tries Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries. Voice authentication - which allows companies to verify the identity of their clients via a supposedly unique "voiceprint" - has increasingly been used in remote banking, call centers and other security-critical scenarios. "When enrolling in voice authentication, you are asked to repeat a certain phrase in your own voice. The system then extracts a unique vocal signature (voiceprint) from this provided phrase and stores it on a server," said Andre Kassis, a Computer Security and Privacy PhD candidate and the lead author of a study detailing the research. "For future authentication attempts, you are asked to repeat a different phrase and the features extracted from it are compared to the voiceprint you have saved in the system to determine whether access should be granted." After the concept of voiceprints was introduced, malicious actors quickly realized they could use machine learning-enabled "deepfake" software to generate convincing copies of a victim's voice using as little as five minutes of recorded audio. In response, developers introduced "spoofing countermeasures" - checks that could examine a speech sample and determine whether it was created by a human or a machine. The Waterloo researchers have developed a method that evades spoofing countermeasures and can fool most voice authentication systems within six attempts.