Voice hacking could be prevented with smartphone app
Image credit: Dreamstime
As voice-based devices and applications grow in popularity, the possibility of voice hacking is becoming more likely. To nip this security threat in the bud, University of Buffalo engineers have developed an app which uses smartphone tools to detect and prevent voice hacking.
With the appearance of Siri, WeChat, Alexa, Google Home and other voice-based technology, we are increasingly relying on voice recognition to interact with our devices. Consequently, the consequences of voice hacking are widening.
“Every aspect of your life is now on your phone,” said Professor Kui Ren, a professor of computer science and engineering at the University of Buffalo, and a lead author of the study. “That is your security hub, it is really critical now.”
“Hackers are out there, more than you can imagine. There is a whole underground grey market to sell your password and your personal information.”
The researchers say that in addition to passwords and fingerprint recognition, voice recognition could become a common digital security tool for our devices, and therefore also a target of hackers.
“With the Internet of Things, what is a security interface? It is not like the phone; there is often no touch screen or keypad so voice authentication may be useful,” said Professor Ren.
By collecting a short recording of a user’s voice, a hacker could replay the clip convincingly enough to trick digital security systems and access personal information.
Wary of this potential threat, Professor Ren and his team at the University of Buffalo have been working on a security app to prevent voice hacking, which they unveiled at a conference in Atlanta this week. They hope that the app could provide an extra “line of defence” to protect our devices from new forms of cyberattack.
The app uses a variety of tools already installed in most smartphones, including its compass, and is intended to prevent voice hacking using a recording of the user’s voice broadcast through a speaker, rather than impersonations.
Using the magnetometer in a phone – for its internal compass – the app can detect the magnetic field of the speaker. The app requires that the phone must be moving in a particular way when voice authentication is requested; by detecting the movement of the magnetic field when audio is played through a speaker, this type of voice hacking can be identified. The app also uses the phone’s trajectory mapping algorithm to measure the distance between speaker and phone, and guarantee an extra layer of protection.
A prototype of the app has proved highly accurate in preventing machine-based voice impersonation attacks, the researchers report. The team plan to improve the system further, before making it downloadable.
“We cannot decide if voice authentication will be pervasive in the future; it might be. We’re already seeing the increasing trend,” said Professor Ren.
“And if that is the case, we have to defend against voice replay attacks. Otherwise, voice authentication cannot be secure.”