App uses smartphone compass to stop voice hacking

June 5, 2017 by Grove Potter
The app uses the magnetometer in a phone, which is there for the phone’s compass, to detect a magnetic field. Credit: University at Buffalo

While convenient, Siri, WeChat and other voice-based smartphone apps can expose you to a growing security threat: voice hacking.

With just a few minutes of audio samples, attackers can replay your voice convincingly enough to trick people as well as top digital systems. The consequences, from impersonating you with your friends to dipping into your bank account, are terrifying.

Using only tools already on smartphones, including the compass, a University at Buffalo-led team of engineers is creating an app to stop voice hacking. Described in a study to be presented this week in Atlanta at the 37th International Conference on Distributed Computing Systems, a prototype proved highly accurate in stopping machine-based voice impersonation attacks.

"Every aspect of your life is now on your ," said Kui Ren, PhD, director of the Ubiquitous Security and Privacy Research Laboratory (UbiSeC) at UB, and one of the study's lead authors. "That is your security hub. It is really critical now."

Ren, a professor of computer science and engineering in UB's School of Engineering and Applied Sciences, doesn't mince words when discussing the importance of better cellphone security.

"Hackers are out there, more than you can imagine. There is a whole underground grey market to sell your password and your personal information," he said.

The best way to protect your cellphone, he said, is to use several security methods.

"Technology is advancing so fast; we have to think of different ways. The strategy is using multiple lines of defense. We call that defense in depth," he said.

Voice recognition could become a more common security tool because more Internet-connected devices are being developed that do not have keypads, he said.

"With the Internet of things, what is a security interface? It is not like the phone. There is often no touch screen or keypad so voice authentication may be useful," he said.

The study, which Ren co-authored with former PhD student Si Chen (now an assistant professor at West Chester University of Pennsylvania), has been awarded the Best Student Paper Award at the conference, which is organized by the Institute of Electrical and Electronics Engineers.

Voice recognition attacks can come in various forms. Attacks can synthesize your voice, but these are detectable by existing algorithms. A human can imitate your voice, but again, existing technology can detect this.

A third method is replaying someone's actual voice, and here is where Ren's invention comes in. Any replay must be broadcast on a speaker, and speakers have magnetic fields. Ren's system uses the magnetometer in a phone, which is there for the phone's compass, to detect a magnetic field.

In addition, the system uses the phone's trajectory mapping algorithm to measure the distance between the speaker and the phone. It requires a phone user to be close to the phone when speaking to guarantee that anyone using a replay of a voice over a mechanical speaker is close enough that the magnetic field can be detected.

Finally, the system requires that the phone be moving—swung in front of the mouth—when the is being used. When a replayed voice is moved, the magnetic field changes and the phone can detect this.
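As an added illustration of the magnetometer check described above (this is not the researchers' code or algorithm): rotating a phone in the Earth's field changes the x/y/z readings but leaves the field magnitude nearly constant, while a loudspeaker magnet adds a field that grows as the phone approaches it. The threshold, function names and sample traces below are assumptions constructed for the example.

```python
import math

# Assumed threshold (not from the article): change in field magnitude, in
# microtesla, during the swing above which a nearby magnet is suspected.
THRESHOLD_UT = 8.0

def magnitudes(samples):
    """Field magnitude |B| for each (x, y, z) magnetometer sample, in microtesla."""
    return [math.sqrt(x * x + y * y + z * z) for x, y, z in samples]

def magnitude_swing(samples):
    """Largest change in |B| seen while the phone was being moved."""
    mags = magnitudes(samples)
    return max(mags) - min(mags)

def replay_suspected(samples, threshold_ut=THRESHOLD_UT):
    """True when |B| varies more than the geomagnetic field alone explains."""
    if len(samples) < 2:
        raise ValueError("need at least two samples captured during the swing")
    return magnitude_swing(samples) > threshold_ut

def constructed_trace(distances_cm, magnet_ut_at_5cm=0.0, earth_ut=48.0):
    """Constructed data: the phone rotates while approaching the sound source.

    The magnet term uses a dipole-style 1/r^3 falloff along the x axis.
    """
    trace = []
    for i, d in enumerate(distances_cm):
        angle = math.radians(10 * i)      # orientation changes during the swing
        ex = earth_ut * math.cos(angle)
        ey = earth_ut * math.sin(angle)
        mx = magnet_ut_at_5cm * (5.0 / d) ** 3
        trace.append((ex + mx, ey, 0.0))
    return trace

DISTANCES = [20, 16, 12, 9, 7, 5]                    # cm, constructed
HUMAN = constructed_trace(DISTANCES)                 # live speaker, no magnet
SPEAKER = constructed_trace(DISTANCES, magnet_ut_at_5cm=60.0)

if __name__ == "__main__":
    print("human:", replay_suspected(HUMAN))
    print("loudspeaker:", replay_suspected(SPEAKER))
```

A real deployment would also have to handle magnetometer calibration and other nearby magnetic sources, which this example ignores.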

Several of Ren's former and current PhD students are co-authors of the study, including Chen, Sixu Piao, Cong Wang, and Qian Wang, in addition to Lu Su and Aziz Mohaisen, both assistant professors in UB's Department of Computer Science and Engineering, and Jian Weng from Jinan University, China.

The team plans to refine the system and soon make it downloadable as an app.

"We cannot decide if voice authentication will be pervasive in the future. It might be. We're already seeing the increasing trend," Ren said. "And if that is the case, we have to defend against voice replay attacks. Otherwise, voice authentication cannot be secure."


4 comments


gculpex
not rated yet Jun 05, 2017
And what happens if you have a cold? or food in your mouth? Choking? gasping?...
TheGhostofOtto1923
not rated yet Jun 05, 2017
I suppose this era of vulnerability will begin to subside once our electronics are internalized and identification can be based on our DNA.
Da Schneib
not rated yet Jun 05, 2017
This is fairly sharp; security in this area is lagging a bit, so hopefully this will let the clueful protect themselves until these vulnerable apps can armor up.
antialias_physorg
not rated yet Jun 06, 2017
The security-in-depth approach is certainly one that should be followed in the future. Single point of failure for security relevant procedures invites disaster.

Biometrics (voice, retina, fingerprint) have been heralded as secure - but it turns out they can be circumvented almost as easily as passwords. What is worse: while you can change a password you cannot change your biometrics - so once compromised they are forever compromised.
