Breaking NewsFinanceNewsPoliticsTech

Some Bank Accounts Can Be Hacked with AI Voice Generation

Bank accounts that use voice authentication can be broken into using AI technology, according to a Vice Media writer who hacked into his own bank account using the technique.

Vice’s Joseph Cox has written that he successfully used an AI-generated voice to break into his own bank account, which uses voice ID as a secure way for him to log into his account.

“I proved it’s possible to trick such systems with free or cheap AI-generated voices,” Cox said. “The bank thought it was talking to me; the AI-generated voice certainly sounded the same.”

Cox explained that he called his bank’s automated service line, and then played “a synthetic clone” of his voice that he had made using “readily available artificial intelligence technology.”

The bank asked the AI-generated voice to say “my voice is my password” in order to access the account. Cox then played a clip of the synthetic voice saying “my voice is my password,” and was granted access to his account — without ever having to speak.

“I had used an AI-powered replica of a voice to break into a bank account,” Cox said. “After that, I had access to the account information, including balances and a list of recent transactions and transfers.”

The Vice writer further disclosed that he had used free voice creation service from the AI-voice company ElevenLabs.

Cox added that he also performed the same experiment with an account at Lloyds Bank in the UK.

While he couldn’t break in right away, he eventually got the bank to authenticate the AI-generated voice “after making some tweaks on ElevenLabs, such as having it read a longer body of text to make cadences sound more natural.”

“I recommend all organizations leveraging voice ‘authentication’ switch to a secure method of identity verification, like multi-factor authentication, ASAP,” Rachel Tobac, CEO of social engineering focused firm SocialProof Security, told Motherboard.

Tobac added that this type of voice replication can be “completed without ever needing to interact with the person in real life.”


Related Articles

Back to top button