Study describes how app, soon to be available, will help thwart growing cybersecurity threat
While convenient, Siri, WeChat and other voice-based smartphone apps can expose you to a growing security threat: voice hacking.
With just a few minutes of audio samples, attackers can replay your voice convincingly enough to trick people as well as top digital security systems. The consequences, from impersonating you with your friends to dipping into your bank account, are terrifying.
Using only tools already on smartphones, including the compass, a University at Buffalo-led team of engineers is creating an app to stop voice hacking. Described in a study to be presented this week in Atlanta at the 37th International Conference on Distributed Computing Systems, a prototype proved highly accurate in stopping machine-based voice impersonation attacks.
“Every aspect of your life is now on your phone,” said Kui Ren, PhD, director of the Ubiquitous Security and Privacy Research Laboratory (UbiSeC) at UB, and one of the study’s lead authors. “That is your security hub. It is really critical now.”
Ren, a professor of computer science and engineering in UB’s School of Engineering and Applied Sciences, doesn’t mince words when discussing the importance of better cellphone security.
“Hackers are out there, more than you can imagine. There is a whole underground grey market to sell your password and your personal information,” he said.
The best way to protect your cellphone, he said, is to use several security methods.
“Technology is advancing so fast; we have to think of different ways. The strategy is using multiple lines of defense. We call that defense in depth,” he said.
Voice recognition could become a more common security tool because more Internet-connected devices are being developed that do not have keypads, he said.
“With the Internet of things, what is a security interface? It is not like the phone. There is often no touch screen or keypad so voice authentication may be useful.” he said.
The study, which Ren co-authored with former PhD student Si Chen (now an assistant professor at West Chester University of Pennsylvania), has been awarded the Best Student Paper Award at the conference, which is organized by the Institute of Electrical and Electronic Engineers.
Voice recognition attacks can come in various forms. Attacks can synthesize your voice, but these are detectable by existing algorithms. A human can imitate your voice, but again, existing technology can detect this.
A third method is replaying someone’s actual voice, and here is where Ren’s invention comes in. Any replay must be broadcast on a speaker, and speakers have magnetic fields. Ren’s system uses the magnetometer in a phone, which is there for the phone’s compass, to detect a magnetic field.
In addition, the system uses the phone’s trajectory mapping algorithm to measure the distance between the speaker and the phone. It requires a phone user to be close to the phone when speaking to guarantee that anyone using a replay of a voice over a mechanical speaker is close enough that the magnetic field can be detected.
Finally, the system requires that the phone be moving — swung in front of the mouth — when the voice recognition is being used. When a replayed voice is moved, the magnetic field changes and the phone can detect this.
Several of Ren’s former and current PhD students are co-authors of the study, including Chen, Sixu Piao, Cong Wang, and Qian Wang, in addition to Lu Su and Aziz Mohaisen, both assistant professors in UB’s Department of Computer Science and Engineering, and Jian Weng from Jinan University, China.
The team plans to refine the system and soon make it downloadable as an app.
“We cannot decide if voice authentication will be pervasive in the future. It might be. We’re already seeing the increasing trend,” Ren said. “And if that is the case, we have to defend against voice replay attacks. Otherwise, voice authentication cannot be secure.”
The Latest on: Voice hacking
Easy Brand Hack That Will Make Your Small Business Stand Out
on April 18, 2018 at 9:25 am
Here, I’ll show you how a brand hack that will give you a change in perspective will ... are overused become meaningless in marketing—and to stand out by owning her voice and being herself. While she loved this idea, she was understandably still ... […]
Warning From Homeland Security, FBI: Russia Wants To Hack Your ISP Router
on April 17, 2018 at 6:53 pm
With the entire world watching what turn the international Russian conflict takes next, federal officials are warning area residents that a cyber strike could be the newest threat as hackers target routers and other network devices. The Department of ... […]
Older Emergency Alert Systems Pose a Hacking Risk, Researchers Find
on April 11, 2018 at 12:46 pm
A hacker could broadcast his or her own voice as a public address audible to the entire city ... False alarms have caused dangerous panic, as was seen in Hawaii on Jan. 13. Human error, not hacking, caused an emergency text message warning of an incoming ... […]
Indy Hack: Dalai Lama’s approval of cult leaders in exchange for money is well known
on April 10, 2018 at 5:46 am
Artvoice publishes a multiplicity of views and opinions and does not necessarily endorse all of them. Indy Hack has been covering the Dalai Lama and his group for several years and has formed a view that may be worth the reader’s time to assess. […]
Voice Activated | Technology in Focus
on April 2, 2018 at 1:16 pm
Voice-activated speakers can also interface with other Internet ... orders from Amazon using Alexa to acquaintances inside the home who could theoretically hack a device or change its settings without an owner’s knowledge—pose the biggest threat ... […]
via Google News and Bing News