杏吧原创

AI-generated deepfake voices can fool both humans and smart assistants

Deepfake tools that mimic a particular individual's voice from just a few snippets of audio are good enough to trick humans and bypass voice recognition systems
A woman using a voice assistant
A woman using a smart home assistant
RossHelen/Shutterstock

Freely available software that can mimic a specific individual鈥檚 voice produces results that can fool people and voice-activated tools such as smart home assistants.

Security researchers are increasingly concerned by deepfake software, which uses artificial intelligence to alter videos or photographs, for example by mapping one person鈥檚 face onto another.

at the University of Chicago and her colleagues wanted to investigate audio versions of these tools, which generate realistic English speech based on a sample of a person鈥檚 voice, after reading about such technology being used to in 2019.

Voice commands are now used to control digital home assistants like Amazon鈥檚 Alexa, as well as some automated phone systems run by businesses such as banks. 鈥淲e wanted to look at how practical can these attacks be, given that we鈥檝e seen some evidence of them in the real world,鈥 says Wenger.

She and her colleagues used two deepfake voice synthesis systems, downloaded from the popular GitHub code repository, to mimic voices. One system, AutoVC, requires up to 5 minutes of speech to generate a passable imitation of the target voice, but the other, SV2TTS, only requires 5 seconds. 鈥淲e wanted to target the low-bar attacker mindset,鈥 says Wenger.

They used the software to try and unlock speaker recognition security systems used by Microsoft Azure, WeChat and Amazon鈥檚 Alexa system. Microsoft Azure鈥檚 voice recognition system is certified by several formal industry bodies, WeChat allows users to log in with their voice and Alexa enables people to use their voice to make payments in third-party apps like Uber.

AutoVC was able to fool Microsoft Azure around 15 per cent of the time, while SV2TTS managed 30 per cent. However, Azure requires users to speak trigger phrases to authenticate themselves, and the team found that SV2TTS could successfully spoof at least one of 10 of these common phrases for 62.5 per cent of the people the researchers tried, suggesting a persistent attacker would have a higher chance of breaking through.

Given its lower performance, the team didn鈥檛 try AutoVC against WeChat and Amazon Alexa, but SV2TTS was able to successfully fool both systems around 63 per cent of the time.

Results varied, but deepfakes were more successful at spoofing women鈥檚 voices and those of non-native English speakers. 鈥淲hy that happened, we need to investigate further,鈥 says Wenger.

Microsoft declined to comment, while WeChat didn鈥檛 respond to New 杏吧原创鈥檚 request to comment. An Amazon spokesperson said: 鈥淎lexa is built with multiple layers of privacy and security designed to keep customer information safe.鈥

The deepfake voices weren鈥檛 only successful against computer systems. In a separate experiment, the team asked 200 people to identify whether voices were fake or real, with the fakes fooling them around half the time.

鈥淲e鈥檝e already seen synthetic voice deployed 鈥榠n the wild鈥 to compromise both humans and biometric targets, with this research reinforcing the technology鈥檚 viability even at this early stage in its development,鈥 says at Metaphysic, a company developing tools for deepfakes.

鈥淭he realism and accessibility of voice synthesis is only going to improve, bringing with it profound implications for the cybersecurity landscape as our voices increasingly become biometric keys to our digital lives,鈥 says Ajder.

Reference:

Topics: security