In the past few years, a new, alternative to traditional passwords has started to be implemented by many services we use – most widely in banking.
Rather than have to go through multiple security questions, many banks have implemented systems known as IVR – Instant Voice Response, more commonly known as “My voice is my password”
These systems work by taking a sample of your spoken words and convert them to a data signal which can then be used to cross reference your voice whenever you call to speak with an agent, check a balance, pay a bill, etc. without having to answer the traditional 3 security questions.
The screenshot below is from T-Mobile’s website praising their use of the service
The below screenshot is from the Bank of Scotland’s Voice ID FAQ pages.
It seems that this is fast becoming the way most service centers want us to operate.
It’s convenient
It’s fast
It’s safe
weeeeellllll…. Maybe not….
AI & Deepfakes
Back in January, I posted a blog about AI & Deep fakes where I wrote about the introduction of Vall-E – Microsoft’s voice simulator which is capable of mimicking a person’s voice with only 3 seconds of data to train from.
Now Vall-E is not new in this space, there are many other such systems, it’s just the speed at which Vall-E can work that sets it apart from other voice AI systems.
Joseph cox (Twitter @josephfcox)- a journalist on hackers/crime/privacy at vice.com has recently posted a video where he fools the VoiceID system at Lloyds bank (owners of Bank of Scotland) to allow him to access his banking data.
The video, and full explanation of how he trained the ElevenLabs voice AI is covered via his article on vice.com
Don’t panic (yet)
For most people, Voice ID is an optional security feature which you must manually enable on your accounts. However, it seems to be that most organisations who are leveraging this technology are looking at it becoming the norm, rather than an option.
So, for now, your accounts should be safe. For how long, is another question.