Man uses AI to clone his voice and manages to break into his own bank account
Topics: Technology, Crime
Joe Harker
Featured Image Credit: @josephfcox / Twitter
Topics: Technology, Crime
AI is getting advanced enough to accurately recreate a person's voice and speech, and that's a very bad thing.
Some AI's are making progress in how to speak to people, albeit very bumpy progress fraught with a computer's desires to steal nuclear weapons and aggressively flirt with the people it's talking to.
Still, it's progress and each high profile error is helping experts work out what sort of limits we need to put on AI.
While AI is learning how to speak for itself there are also programs being developed which will allow it to speak for other people by being able to mimic a human's voice.
Advert
Even an audio sample of just a few seconds worth of speech is enough to prompt some AIs into being able to copy a human, and apparently well enough that someone could use this technology to hack that person's bank account.
Vice journalist Joseph Cox tested this out by calling up his bank and breaking into his own account without even saying a word himself.
Many banks have adopted biometrics as a means of allowing people to access financial services so rather than remembering PIN codes and passwords a simple fingerprint or few words of speech will do.
As technology develops so too do the fraudsters find ways to adapt around it and even make use of it in getting access to other people's money.
Unfortunately as Cox revealed it was disturbingly easy to fool a bank into giving up personal details after he made a clone of his voice with AI software and had it answer for him.
Ringing up UK based bank Lloyd's via their automated service line, Joseph played AI synthesised recordings of his voice to order the bank to check his balance while using another voice recording to gain entry into the account.
By making the AI say 'check my balance' when asked for the reason behind the call and 'my voice is my password' as a means of verification Cox was easily able to trick the bank into thinking it was talking to the real deal, and all of this was done using a free AI service from ElevenLabs.
The only piece of information he needed to know about himself was his date of birth, everything else was done by an AI which was able to mimic his voice near-perfectly.
New: we proved it could be done. I used an AI replica of my voice to break into my bank account. The AI tricked the bank into thinking it was talking to me. Could access my balances, transactions, etc. Shatters the idea that voice biometrics are foolproof https://t.co/YO6m8DIpqR pic.twitter.com/hsjHaKqu2E
— Joseph Cox (@josephfcox) February 23, 2023
He said it 'took some time to get the voice just right to follow my cadences' but was able to copy his own voice well enough to break into his own bank account.
When asked about this apparent workaround to their security Lloyd's told Cox they were aware of the dangers posed by voice mimicking but had not seen a case where someone's voice had been used to commit fraud against them.
They said: "Voice ID is an optional security measure, however we are confident that it provides higher levels of security than traditional knowledge-based authentication methods, and that our layered approach to security and fraud prevention continues to provide the right level of protection for customers' accounts, while still making them easy to access when needed."
This is not some new and infallible way to break into the bank accounts of people who have their voice as a password, as Cox said it took him several attempts to get the voice to fool the bank.
He used a five minute audio clip of his voice to generate the AI clone and after he 'failed multiple times' to break into his account he had the AI use a longer piece of text to generate his voice, and this was successful.
UNILAD has contacted ElevenLabs for comment.