Having been asked if I want to opt for voice authentication when using a phone service, I was wondering about the security vulnerabilities of an authentication method which is relatively new to me.
Are there already some known security vulnerabilities that I need to aware of? And what are some measures that I can take to minimize the risk and impact of these vulnerabilities?
This is relatively old but we once tried to record my friend's voice and play it as an authentication for his voice detection mechanism. We were able to fool it only 1 time out of 5.
Also, we made him speak the authenticating words again when he was talking to someone else and caused him to unlock the phone. The attacker was standing just next to him with the phone mic pointing to the victim. Tried this only once
You can test them on your phone.
Other test cases to consider:
If your voice goes bad because of some reason, how does it react.
Changes in voice tone and their effect
