Voice recognition technology is becoming ever more widespread in our keypad-less world where smartphones are dominating the technology market with latest security features being built into them with every new version that comes out.
The voice-recognition system, as you may already know, allows users to unlock their phones using their recorded voice. Although the technology is advanced, it does not, however, rule out the fact that it is still in its infancy and attackers can mimic a user’s voice to break into their system.
Hence, in order to avoid this, a team of researchers from the University of Buffalo have developed an app that will stop cybercriminals from using the security flaws in the voice-recognition system to breach privacy.
What is the app?
The app essentially uses the phone’s built-in magnetometer to detect if a voice that is being played is recorded.
It was designed keeping in mind the various ways an attacker can use a person’s voice to infiltrate their system. One of the ways is to try impersonating the voice. However, this may not break open the phone as there are integrated algorithms which can find out a fake voice.
The other way is to record the victim’s voice and then play it so that the phone mistakes it for the actual user. It is this hacking that the app targets to stop.
According to Kui Ren, Ph.D., director of the Ubiquitous Security and Privacy Research Laboratory (UbiSeC) at University of Buffalo:
“We cannot decide if voice authentication will be pervasive in the future. It might be. We’re already seeing the increasing trend,” Ren said. “And if that is the case, we have to defend against voice replay attacks. Otherwise, voice authentication cannot be secure.”
How does the app work?
Although the app is still in the development stage, the idea, as mentioned above, is to use the phone’s magnetometer to detect whether the voice being played is recorded.
The magnetometer is a digital compass that is in sync with the Earth’s magnetic field to figure out directions.
The same system has been integrated with the app. This is because the researchers claim that any recorded voice will be played using a device. Since the recorded voice will emit magnetic waves, the app will be able to detect the magnetic patterns and thereby decipher the fake voice.
But in order for the app to work, the device which is playing the recorded voice needs to be close to the smartphone being hacked. This may, however, not be a problem since the player will have to be close anyway if the attacker is seeking to break into the system.
The problem though lies with the app only being able to detect the voice if the attacker is moving the playing device. Moving the device will alter the magnetic waves which will lead the app to detect that the voice is not real. Therefore, the researchers are still working on refining the app.
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.