Emerging Technologies

These wearable devices could stop hackers stealing your voice

A woman talks on a mobile phone in Beijing, China June 3, 2017.   REUTERS/Thomas Peter

A company created accessories that secure your voice to prevent hackers gaining entry to your devices Image: REUTERS/Thomas Peter

Nicole Casal Moore

A security-token necklace, ear buds, or eyeglasses could eliminate vulnerabilities in voice authentication—the practice of logging in to a device or service with your voice alone.

Talking to electronics has become a popular—even essential—way to command them. In our Internet-of-Things era, voice assistants connect people to their mobile devices, homes, and vehicles.

Through spoken interactions, we place calls, send text messages, check email, get travel directions, control appliances, and even access bank accounts. Barclays bank, for example, recently began using a technology that uses voice to verify the identity of call-in center customers.

“If a system is using only your voice signature, it can be very dangerous.”

But sound is an “open channel” that can be easily spoofed by mediocre impersonators and sophisticated hackers alike.

“Increasingly, voice is being used as a security feature but it actually has huge holes in it,” says Kang Shin, professor of computer science and professor of electrical engineering and computer science at the University of Michigan. “If a system is using only your voice signature, it can be very dangerous. We believe you have to have a second channel to authenticate the owner of the voice.”

Have you read?

Speech vibrations

The solution that Shin and colleagues developed is called VAuth (pronounced vee-auth)—a wearable device that can take the form of a necklace, ear buds, or a small attachment to eyeglasses.

The device continuously registers speech-induced vibrations on the user’s body and pairs them with the sound of that person’s voice to create a unique and secure signature.

The process of speaking creates vibrations that can be detected on the skin of a person’s face, throat, or chest. The system works by leveraging the instantaneous consistency between signals from the accelerometer in the wearable security token and the microphone in the electronic device. You can only use voice authentication with your device when you’re wearing the security token.

The team built a prototype using an off-the-shelf accelerometer, which measures motion, and a Bluetooth transmitter, which sends the vibration signal to the microphone in the user’s device. They’ve also developed matching algorithms and software for Google Now.

“VAuth is the first serious attempt to secure this service, ensuring that your voice assistant will only listen to your commands instead of others,” Shin says. “It delivers physical security, which is difficult to compromise even by sophisticated attackers. Only with this guarantee can the voice assistant be trusted as personal and secure, especially in scenarios such as banking and home safety.”

That’s a drastic departure from existing voice biometric mechanisms, which require training from each individual who will use them, says Kassem Fawaz, who worked on the project as a graduate student at the University of Michigan and is now an assistant professor at the University of Wisconsin.

“In addition, VAuth overcomes a key problem of voice biometrics. A voice biometric, similar to a fingerprint, is not easy to keep protected. From a few recordings of the user’s voice, an attacker can impersonate the user by generating a matching ‘voice print.’

“The users can do little to regain their security as they cannot simply change their voice. On the other hand, when losing VAuth for any reason, the user can simply unpair it to prevent an attacker from using their device.”

97% accuracy

When the team tested VAuth with 18 users and 30 voice commands it achieved a 97 percent detection accuracy and less than 0.1 percent false positive rate, regardless of its position on the body and the user’s language, accent, or even mobility. It also successfully thwarts various practical attacks, such as replay attacks, mangled voice attacks, or impersonation attacks.

The researchers surveyed 952 people to gauge their willingness to wear a security token.

“Seventy percent of them said they are willing to give VAuth a serious try in one of the three configurations we developed—and half of them said they are willing to pay $25 more for the technology,” says Huan Feng, who worked on the project as a graduate student.

Researchers will present their paper October 19 at the International Conference on Mobile Computing and Networking, MobiCom 2017. The National Science Foundation provided funding. The researchers have applied for patent protection, and are seeking commercialization partners to help bring the technology to market.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Digital Communications

Share:
The Big Picture
Explore and monitor how Digital Communications is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

Here’s why it’s important to build long-term cryptographic resilience

Michele Mosca and Donna Dodson

December 20, 2024

How digital platforms and AI are empowering individual investors

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum