How Banks and Telcos are About to Score an Own Goal with Voiceprint

Bad Privacy Blog by Claudiu Popa
2 min read · Nov 28, 2022

Will 2023 be the year #banks and telcos are finally #hacked at scale using #deepfake voice technology? One of the most puzzling trends of recent years has been the counterintuitive adoption of #voiceprint technology to authenticate callers using vocal characteristics such as pitch, timbre and tone.

https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/

Believe me when I say that I asked everyone from executives to #board members in these sectors how they convinced themselves to prioritize the perceived convenience of #voice recognition despite the elevated risk of #security and #privacy breaches this technology introduces.

No one seems to know for sure, but a common theme seems to be the post-pandemic focus on reducing customer support costs. For the moment, companies appear to be treating impersonations and unauthorized account access as individual security incidents and password compromises, in an apparent pattern of turning a blind eye to bigger attack trends.

Way back in 2018, Google’s Duplex and Baidu’s “Deep Voice” demonstrated how a simple 5-second recording could #clone a human voice. Today, numerous AI tools such as Respeecher and Murf have improved to the point where account take-overs (ATO), vishing and other voice communication #fraud can be used for #identity theft, #cyber heists and phone number hijackings (SIM swapping).

https://www.toptal.com/insights/innovation/voice-clone

If your decision makers remain unconvinced about the clear and present #risk of adopting technology without thinking it through, the fictional but uncanny interviews with Steve Jobs and Richard Feynman hosted by podcast.ai just might get my point across.

https://arstechnica.com/information-technology/2022/10/fake-joe-rogan-interviews-fake-steve-jobs-in-an-ai-powered-podcast/

Either way, next time your phone rings and you say hello a few times into a silent line, ask yourself what someone could do with the voice recording you just provided.

Claudiu Popa is a certified information security professional and author of the Cyberfraud Taxonomy published by Thomson Reuters. He is also the mentor of graduating students from Ontario Tech University, Seneca College and the University of Toronto, with projects including AI bot research, the proliferation of disinformation on social networks, and public cybersafety.


Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, written & edited by Claudiu Popa; author, educator, booknerd.