Social MediaTwitter

Amy Manià



Amy is currently a Security Analyst at Telspace Systems. Amy is currently focused on penetration testing, but comes from a career as a Professional Architect. Her history in ‘making things’ has led to an interest in ‘breaking them apart’.

With a curious mind, she innately has the ability to notice where well-meaning applications could become dangerous tools in the hands of an attacker.
Amy is also passionate about the information security community and regularly attends community based events.

Title: Put Words In My Mouth

Money has been withdrawn from your account.
You don’t remember making, or authorising that transaction.

When you follow up with the bank, they say you called earlier and requested the transfer – it was, after-all, you speaking – right? Unbeknownst to you, your voice was stolen, and so was your money.

With the rise of voice authentication biometrics, so will the opportunities to spoof it. Text-to-Speech API’s are constantly improving, with Google’s technology now being indistinguishable from the real human speaker.

Threat actors have access to a target’s YouTube videos, social media posts. Even more invasive channels are certain vulnerable IoT devices, littered throughout homes and offices. Social media posts and IoT’s allow threat actors to listen to your voice, capture and then manipulate it (all using free online tools).

So what exactly can be done with a ‘stolen’ voice? This research explores the possibilities of fraud, by using voice-spoofing to bypass authentication.