Using tools already on smartphones, including the compass, researchers are developing an app to stop machine-based voice impersonation attacks on voice-based smartphone apps such as Siri and WeChat. With just a few minutes of audio samples, attackers can replay your voice convincingly enough to trick people as well as top digital security systems. The consequences, from impersonating you with your friends to dipping into your bank account, are terrifying.
"We cannot decide if voice authentication will be pervasive in the future. It might be. We're already seeing the increasing trend," said Kui Ren, Professor at University at Buffalo in New York, and one of the study's lead authors. "And if that is the case, we have to defend against voice replay attacks. Otherwise, voice authentication cannot be secure," Ren said. Voice recognition attacks can come in various forms. Attacks can synthesise your voice, but these are detectable by existing algorithms. A human can imitate your voice, but again, existing technology can detect this.
A third method is replaying someone's actual voice, and here is where the new invention comes in. Any replay must be broadcast on a speaker, and speakers have magnetic fields. Ren's system, scheduled to be presented at the 37th International Conference on Distributed Computing Systems in Atlanta, uses the magnetometer in a phone, which is there for the phone's compass, to detect a magnetic field.
In addition, the system uses the phone's trajectory mapping algorithm to measure the distance between the speaker and the phone. When a replayed voice is moved, the magnetic field changes and the phone can detect this. The research team plans to refine the system and soon make it downloadable as an app.