èƵ

AI-generated deepfake voices can fool both humans and smart assistants

Deepfake tools that mimic a particular individual's voice from just a few snippets of audio are good enough to trick humans and bypass voice recognition systems
A woman using a voice assistant
A woman using a smart home assistant
RossHelen/Shutterstock

Freely available software that can mimic a specific individual’s voice produces results that can fool people and voice-activated tools such as smart home assistants.

Security researchers are increasingly concerned by deepfake software, which uses artificial intelligence to alter videos or photographs, for example by mapping one person’s face onto another.

at the University of Chicago and her colleagues wanted to investigate audio versions of these tools, which generate realistic English speech based on a sample of a person’s voice, after reading about such technology being used to in 2019.

Voice commands are now used to control digital home assistants like Amazon’s Alexa, as well as some automated phone systems run by businesses such as banks. “We wanted to look at how practical can these attacks be, given that we’ve seen some evidence of them in the real world,” says Wenger.

She and her colleagues used two deepfake voice synthesis systems, downloaded from the popular GitHub code repository, to mimic voices. One system, AutoVC, requires up to 5 minutes of speech to generate a passable imitation of the target voice, but the other, SV2TTS, only requires 5 seconds. “We wanted to target the low-bar attacker mindset,” says Wenger.

They used the software to try and unlock speaker recognition security systems used by Microsoft Azure, WeChat and Amazon’s Alexa system. Microsoft Azure’s voice recognition system is certified by several formal industry bodies, WeChat allows users to log in with their voice and Alexa enables people to use their voice to make payments in third-party apps like Uber.

AutoVC was able to fool Microsoft Azure around 15 per cent of the time, while SV2TTS managed 30 per cent. However, Azure requires users to speak trigger phrases to authenticate themselves, and the team found that SV2TTS could successfully spoof at least one of 10 of these common phrases for 62.5 per cent of the people the researchers tried, suggesting a persistent attacker would have a higher chance of breaking through.

Given its lower performance, the team didn’t try AutoVC against WeChat and Amazon Alexa, but SV2TTS was able to successfully fool both systems around 63 per cent of the time.

Results varied, but deepfakes were more successful at spoofing women’s voices and those of non-native English speakers. “Why that happened, we need to investigate further,” says Wenger.

Microsoft declined to comment, while WeChat didn’t respond to èƵ’s request to comment. An Amazon spokesperson said: “Alexa is built with multiple layers of privacy and security designed to keep customer information safe.”

The deepfake voices weren’t only successful against computer systems. In a separate experiment, the team asked 200 people to identify whether voices were fake or real, with the fakes fooling them around half the time.

“We’ve already seen synthetic voice deployed ‘in the wild’ to compromise both humans and biometric targets, with this research reinforcing the technology’s viability even at this early stage in its development,” says at Metaphysic, a company developing tools for deepfakes.

“The realism and accessibility of voice synthesis is only going to improve, bringing with it profound implications for the cybersecurity landscape as our voices increasingly become biometric keys to our digital lives,” says Ajder.

Reference:

Topics: security