Money has been withdrawn from your account. You don't remember making, or authorising that transaction. When you follow up with the bank, they say you called earlier and requested the transfer - it was, after-all, you speaking - right? Unbeknownst to you, your voice was stolen, and so was your money. With the rise of voice authentication biometrics, so will the opportunities to spoof it. Text-to-Speech API's are constantly improving, with Google's technology now being indistinguishable from the real human speaker. Threat actors have access to a target's YouTube videos, social media posts. Even more invasive channels are certain vulnerable IoT devices, littered throughout homes and offices. Social media posts and IoT's allow threat actors to listen to your voice, capture and then manipulate it (all using free online tools). So what exactly can be done with a 'stolen' voice? This research explores the possibilities of banking fraud, by using voice-spoofing to bypass authentication and withdraw funds.

1. PUT WORDS IN MY MOUTH
DC2711
Amy Mania
amy@telspace.co.za | @The_MunX

2. whoami
• Junior Security Analyst @ Telspace
• Recreational Researcher
• Architect
• Understand how to make, so you can learn
how to break.

3. PUT WORDS IN MY MOUTH
INTRODUCTION
POP CULTURE, IOTS, ANATOMY, SOFTWARE
IN THE WILD
RESEARCH, PREDICTIONS, INCIDENTS
PROOF OF CONCEPT

4. CONTEXT

6. IoT

7. IoT

8. IoT
• Reputable brand = security + updates
• Cheap device = stuck with initial product

9. IoT
• Designed to always be listening.
• Google & Amazon staff QA recorded audio.
• Trust? Privacy?

10. IoT
• Always listening = always recording
• Where is this data stored?
• Database breach?

11. IoT
But, how do machines understand us?

12. HOW A VOICE IS MADE
The Part That
Makes Sound:
string of a
violin
vocal folds
The Part That
Shapes Sound:
body of a violin
supralaryngeal
articulators

13. HOW A VOICE IS MADE
supralaryngeal articulators/vocal tract

14. VOICE RECOGNITION
Phenomes:
• r eh k ao g n ay z s p iy ch
– "recognise speech "
• r eh k ay n ay s b iy ch
– "wreck a nice beach"

15. VOICE RECOGNITION
• Homonyms
– there and their
– air and heir
– be and bee
• Speech
– accent
– tempo & mumble
– enunciation

16. VOICE RECOGNITION
• How does software understand WHAT we
are saying?
• NATURAL LANGUAGE PROCESSING:
– CONTEXT and/or PROBABILITY

17. VOICE-PRINTING

18. VOICE VERIFICATION
How voices are identified as unique:
• Text Dependent:
– Same passphrase during sign-up and verification
• Text Independent
– verifying the identity without constraint on the
speech content

19. EACH VOICE IS “UNIQUE”
Listen up, maggots. You are not special.
You are not a beautiful or unique snowflake.
You're the same decaying organic
matter as everything else.
Tyler Durden - Fight Club

20. THE LAW
• Protection of Personal Information Act
Biometric information includes a technique of
personal identification that is based on physical,
physiological or behavioural characterisation
including blood typing, fingerprinting, DNA
analysis, retinal scanning and voice recognition.

21. THE LAW
• Verbal agreements are no less binding than
written agreements.
• Having your voice spoofed is theft!

22. IN THE WILD
Many predictions about voice spoofing attacks…
• Breaking Smart Speakers: We Are Listening To You - Tencent Blade Team
• Your Voice is My Passport – Seymour & Aqil
• This AI Can Clone Any Voice, Including Yours - Bloomberg
• Can-You-Hear-Me Scam - Criminals
• Vocal theft on the horizon - Taylor Armerding
• Busted: Thousands Of Amazon Employees Listening To Alexa Conversations – Durden
• Digital Voice Assistants: The New Front in the War on IoT Hackers – Edwards
• Balancing safety and convenience with biometrics – Gool

23. IT HAPPENED…

24. IN THE WILD

25. IN THE WILD
• Attacks require a lot of preparation, time,
‘expertise’ and resources.
• Attack vector will become much easier.
• ‘High profile’ individuals = more risk.

26. TOOLS

27. THE FOLLOWING AUDIO CLIPS ARE NOT REAL, THEY
WERE GENERATED BY A MACHINE LEARNING MODEL:

28. TOOLS
• TacoTron
• LyreBird
• Adobe VoCo

29. DEEP FAKE APPLICATIONS

31. DEEPTHROAT
INPUT: SAMPLE VOICE
M A G I C
OUTPUT: SPOOFED VOICE

32. DEEPTHROAT – STEP 1
• Input audio
– e.g. recording from IoT, or videos from YouTube
• Cut input into 10 second clips
• Pass to a Subtitle API
– Manually check subtitles/transcription

33. DEEPTHROAT – STEP 2
• App takes input audio and it is processed
through the Deep Learning model

34. DEEPTHROAT – STEP 3
• Threat Actor prepares the Attack Script
• Once the spoofed voice is generated, the
App automatically creates the sentences
from the Attack Script

35. DEEPTHROAT – STEP 4
• Connect VAC
– Virtual Audio Cable allows sound from one
application to be passed to another.
• Connects to a Phone-Call App (e.g. Skype)
– Can make international calls
– Number cannot be easily traced back

36. DEEPTHROAT – STEP 5
• Ambiance
– Background noise can be added to cover up for
poorly generated syllables or make the audio
sound more realistic

37. DEEPTHROAT – STEP 6
ATTACK

38. PoC

39. PoC
Can this fool a bank?

40. PoC

41. PoC

42. PoC
Real-Time-Voice-Cloning Demo

43. MITIGATION
• Prevention is almost impossible*
• Opt out if a service-provider uses your voice
for identity-verification or authorisation.

44. MITIGATION
• Something you know (PASSWORD)
• Something you ‘are’ (VOICE/FINGERPRINT)
• Something you have (PHYSICAL TOKEN/2FA)