CALL 0121 289 4477
We could all agree that businesses aim to make their services as easily accessible to their customers as possible.
With voice-based inquiries gaining in popularity, businesses are paying attention to voice biometrics and speech technologies.
A good example of this could be HSBC (a British Banking company) which now has nearly 2.8 million active voice biometrics users.
However, with every new security measure and development of technology, there are also newly created Cyber Threats with them that can risk your Cyber Security.
In this blog, we’re going to look at how a new Voice AI called “ElevenLabs” can cause major risks to voice biometric authentication.
But first, let’s explain why voice biometric authentication is becoming more popular so quickly.
Asides from the constant advancement of authentication measures in IT generally, there are a few reasons why voice biometrics have become so popular specifically:
Voice biometrics is recognized as the only biometric authentication method available for remote use. Making it easier for consumers and enterprises to use and deploy.
There is also a more sophisticated, and more promising form of authentication called ‘passive’ or ‘text independent’ speaker verification. This involves verifying a user by their voice in an active conversation over a call.
Now we understand how this authentication process has become so popular in recent years, let’s go over the Cyber threat associated with it, specifically, by using a voice AI tool called ElevenLabs.
Firstly, let’s go over what ElevenLabs actually is, as the term “Voice AI” is quite a broad definition.
ElevenLabs uses its own unique AI to allow users to synthesise voices with a specific feature they have called “Voice Lab”.
As you can see in the figure above, ElevenLabs can use an audio recording of a real person’s voice and mimic it.
This has been already used a lot on social media for entertainment value. I’m sure you might’ve seen something on social media like this already, e.g., an AI comedically mimicking a celebrity or political figure.
However, there is also a very serious Cyber threat born out of this feature when paired with authentication as we talked about earlier. An example would be the “My Voice is my password” practice that companies like HSBC use.
This is because all someone would need is a recording of your voice to then use this AI or something similar to essentially “steal your voice” and gain access to your account information… a scary thought for the future!
Especially considering the context in which we are talking here. On a phone call, line interference and a bad signal can occasionally distort the caller’s voice.
Meaning, when you hear an AI voice over the phone, you might blame the distorted sound on that rather than immediately thinking it’s an AI.
Let’s give you a fake scenario here of what someone with this AI tool could do to gain access to your HSBC account through their “My voice is my password” security practice:
A malicious user finds your profile on social media and searches it for any sensitive information you have. For now, let’s pretend they also know you bank with HSBC.
The malicious user sees multiple videos of you on your profile where you are speaking clearly, sometimes with barely any background noise or interference from the voices of other people.
The user samples these audio clips of you to ElevenLab’s “Voice-cloning” feature and creates an AI, that sounds almost identical to you.
Then, the user calls your bank. You aren’t even aware of any of this, as at the time, the user hasn’t done anything that you could notice until it’s too late.
By using the AI, the user could script the AI to greet the bank operator in a seemingly normal way. As they input scripts into it, the dialogue could seem a little strange, but, nothing out of the ordinary.
The user could then make the AI say the phrase “My Voice is my Password” and then have a good chance at gaining access to your bank account.
At this point, the Cyber threat has reached its highest point of danger, yet you will still not even notice until you notice strange activity on your account, but by then… it’s too late.
So now you understand why voice biometrics has gained popularity and the corresponding Cyber threat associated with it due to developing AI such as ElevenLabs.
Our Conclusion is that all security measures on the internet follow the same pattern. With every new advancement in Cyber Security measurements, comes advancement in Cyber threats.
However, the important thing to keep in mind, therefore, is awareness. If you don’t know the possible threat or drawbacks of using a security measure or doing just about anything on the internet, how can you be prepared to protect yourself from it?
Because of this, we recommend everyone takes the time to stay up to date on current Cyber Security advancements and also to train their employees on Cyber Security and awareness.
We hope you liked this blog, be sure to stay up to date with our latest blog releases, ranging from discussing new Cyber threats like this to exciting IT News in the industry. Thank you for reading!