The Dangers of Voice Authentication Services and Your Financials

posted in: General, Investigations
fictitious bank

You set up a voice greeting on your cellphone. Hey! You think… it sounds better than the robot one that comes with your cellphone, right? So, what’s the harm? Well, you’re potentially giving the cybercriminal access to your financials and many other electronic services. How? Financial institutions are now offering voice recognition to manage your bank account, allow money transfers, reset passcodes, and even talk to some of the banking agents. This feature is headed to a fast spiral downhill just waiting for your account to be compromised.

Basically, what happens is the cybercriminal gains access to your cellphone number by either searching on the dark web, simply by surfing the internet (e.g., social media, newgroups, or stolen email), you use your phone number on your website, or because one of your friends posted it on some platform without you knowing about.

Now that the cybercriminal has your phone number s/he can, with little effort, determine what time zone you’re in. Why does your time zone matter? Most people in the United States work between early morning hours (6:00am) to early evening (6:00pm). Outside of that time frame, we tend to put our cell phones away or ignore the spam call that comes in.

When a call rolls to voicemail, and your greeting plays, the greeting you created gets recorded to either a computer or other recording device. It’s this recording that is used to authenticate your voice when dealing with your bank. The cybercriminal then uses a synthesizer to recreate your voice, which is played back when the bank prompts for it, often creating complete pre-recorded sentences.

A synthesizer is an electronic musical instrument that uses audio signals to take electronic sounds and enters them into a computer. Usually synthesizers are played with keyboards, software, or other instruments. So, a vocal synthesizer just means that you are using the human voice as the instrument.

What’s the better step? Stick to a stock recording that comes with your phone service. Even if your phone lets you set up different recordings for different times of the day, use a stock recording. The process to compromise voice authentication services is easy, and we don’t need additional problems with securing our information.