Subscribe to our Telegram channel
Artificial intelligence was used to hack a bank account using a synthesized voice
A journalist from Motherboard called the call center of the British Lloyds Bank and asked to check his account balance using an artificially generated voice. The robotic voice menu asked for the date of birth to be entered or spoken as the first part of the authentication. After that, it was necessary to say the login phrase: «My voice is my password». The expert played the sound file from the computer again. The security system identified the voice and opened access to the bank account information, including the balance, a list of recent transactions and transfers.
The media outlet used a free voice generation service from ElevenLabs. To create the desired audio track, the author of the experiment recorded about 5 minutes of his conversation and uploaded it to the program. After processing, the synthetic voice would pronounce any required message.
Until then, this «test» had failed — the Lloyd Bank system could not identify the user’s voice. After the journalist read a longer text for ElevenLabs to make the speech sound more natural, the generated sound successfully bypassed the bank’s security system.
The journalist noted that for this particular attack, the fraudster would need to know the victim’s date of birth, but in the age of social media, this is not a big deal. Lloyds Bank stated that they are aware of the threat of synthetic voices, but have not yet encountered cases where such a voice was used to defraud their customers. Some experts are now calling on banks to completely abandon voice authentication. They believe that with the improvement of AI algorithms, biometrics will no longer be a guarantee of a high level of data security.
We would like to remind you that ChatGPT recently helped hackers win an exploit contest. Artificial intelligence provided programmers with a useful hacking tool. Experts emphasized that this is how cybercriminals will use ChatGPT in real attacks on industrial systems. The hackers emphasized that AI may not be able to write exploits, but it can provide «the last piece of the puzzle needed for success.»