Voice commands can now be used for almost anything, from playing a song on Alexa to authenticating personal accounts. According to venture capitalist Mark Tluszcz, voice technology will end the need for keyboards within five years, and most applications will integrate voice technology in some way.
This technology is poised to take off and transform daily life, but there are concerns about voice recognition security that have to be taken seriously. As voice-mimicking technology becomes more sophisticated, individual and business security strategies will have to include consideration for how voice-based fraud could create cyber vulnerabilities.
The rise of voice technology
So far, the voice recognition field has been dominated by tech giants. Apple, Amazon, Google, and even Facebook are competing to innovate and improve on voice technology and find ways to integrate it into consumers’ daily lives. Right now, we are at a tipping point.
ComScore anticipates that 50 percent of all searches will be voice searches by 2020. Analysis from Juniper Research predicts that by 2023, there will be 8 billion digital voice assistants in use, up from 2.5 billion digital assistants in 2018. Thirteen percent of U.S. households owned a smart speaker in 2017, and that number is expected to rise to 55 percent by 2022, according to OC&C Strategy Consultants. Also, between 2017 and 2018, the number of smart speakers in the U.S. grew by 78 percent.
These numbers show that consumers are becoming increasingly reliant on voice technology, and a survey from Adobe revealed that 54 percent of consumers with a voice assistant use them at least once a day. The most popular uses of voice commands are playing music and asking about the weather, followed by general questions and research.
Businesses across industries are now embracing voice technology in a variety of ways. Voice recognition security tools, for instance, have emerged as a way to address certain types of telephone-based fraud and provide advanced security in the areas of banking and e-commerce. Voice technology is also used in customer support to answer FAQs and provide tutorials that walk consumers through common problems, which helps businesses manage a high volume of customer inquiries at scale.
Flaws in voice recognition security
As with any popular technology, hackers and cybercriminals are looking for opportunities to exploit voice recognition. In 2017, there were multiple reports of Nest security cameras being hacked, with families reporting that strangers issued voice commands to Alexa, announced a (fake) North Korean missile attack, turned up the thermostat to 90 degrees, shouted insults, and, in one case, talked directly to a child.
Weak passwords and a lack of two-factor authentication can certainly compromise voice technology security, but hackers can also hide inaudible commands in audio files or bury malicious commands in white noise to get voice-controlled devices to respond. One method called a “DolphinAttack” involves commands being broadcasted on a frequency that humans can’t hear. And hackers can get around biometric voice identification with voice cloning technologies to steal someone’s voice or create audio “deepfakes.” In fact, at the 2018 Black Hat conference, two engineers were able to “break” voice authentication in Microsoft software with “minimal effort.”
Ramping up business security
Given these security risks, organizations need to protect their voice technologies from being exploited. It’s key that employees avoid connecting to smart speakers on sensitive or critical accounts or through voiceprint log-ins. This has to be the standard from the top-down and from the bottom up. IT pros need to educate employees on the risks of voice-technology and how they can protect themselves, which means advising them to avoid voiceprint log-ins or only use them in conjunction with other forms of authentication.
IT pros should also educate employees on how to identify voice fraud and phishing attempts. A report from Pindrop found that voice fraud calls have increased by 350 percent over the past few years, and AI chatbots can now make calls that sound pretty real and might convince people to share private information. Employees can avoid scams by rejecting calls from unknown numbers, installing call-blocking apps, and ensuring that the person on the other end of the phone is who they say are, as scammers can make calls look like they’re coming from known contacts.
Voice recognition security should be an integrated part of overall business security. Businesses must regularly audit their company’s IT security and upgrade to modern devices with embedded security features that continuously monitor for suspicious activity, such as HP printers. As this technology continues to evolve, the security risks it poses are also developing in number and scope. Don’t let voice technology be the vulnerability that lets hackers access your organization’s devices and systems.