Siri might be laughably incompetent right now, but it’s hard to argue that voice won’t play a substantial role in our future interactions with our smart devices.
Unfortunately, voice is one of the easiest things to hack. With an audio sample just a few minutes long, it’s possible for an attacker to simulate your voice convincingly enough to trick both people and high-end voice recognition systems.
Now, however, a team of New York State University engineers has developed a defence against this threat. Using only tools already on smartphones, it can detect machine-based voice impersonation attacks.
“Every aspect of your life is now on your phone,” said Kui Ren, director of the Ubiquitous Security and Privacy Research Laboratory and lead author on a paper describing the defence system that’ll be presented this week in Atlanta at the 37th International Conference on Distributed Computing Systems.
“That is your security hub. It is really critical now.”
How it works
Any attempt to replay your voice to fool a computer system must be broadcast on a speaker, and speakers generate a magnetic field as they operate. Inside your phone, however, is a magnetometer that’s normally used as a compass in navigation apps.
As well as this, the system uses the smartphone’s trajectory mapping algorithm to figure out the distance between the phone and the speaker. By mandating that a user be close to their phone when speaking, it guarantees that the magnetic field will be detected.
Finally, as a third layer of security, the system asks the user to move the phone in front of their mouth while using voice recognition. When a speaker playing a voice recording is moved, the magnetic field will change and the phone can detect it.
“With the Internet of things, what is a security interface? It is not like the phone. There is often no touchscreen or keypad so voice authentication may be useful,” said Ren.
“Technology is advancing so fast; we have to think of different ways. The strategy is using multiple lines of defense. We call that defense in depth.”
Sоurсе: techradar.com
