Voice ID Users, Beware

Ahmed was able to alter her voice and trick the machine-learning algorithms. Todd Brown

Automatic speaker identification, a tool that uses a person’s voice as a passcode, is gaining popularity to deter hackers from stealing data.

However, a UW–Madison research team, led by Shimaa Ahmed PhDx’24 and Kassem Fawaz, an associate professor of electrical and computer engineering, has found a significant vulnerability in the systems. By speaking through PVC pipes — the type found at most hardware stores — they were able to alter their voices and trick the machine-learning algorithms that support the speaker ID systems.

The team adjusted the length and diameter of PVC pipes until they could produce the same resonance as the voice they were attempting to imitate. Eventually, they developed an algorithm that can calculate the PVC pipe dimensions needed to transform the resonance of almost any voice to imitate another. They successfully fooled the security systems with the PVC tube 60 percent of the time, while unaltered human impersonators were able to fool the systems only 6 percent of the time.

The risks posed by the security hole could be far-reaching. Ahmed points out that many commercial companies already sell the technology, with financial institutions among their early customers.

Published in the Winter 2023 issue