Checklist 329: Voice Clones and OS Updates
AI voice cloning—a new threat to banks?
We’ve talked about the dangers of AI voice cloning in the context of phone scams. But now it appears that voice cloning technology has advanced far enough to put bank authentication systems at risk!
A journalist at Motherboard performed a proof-of-concept demonstration of how AI voice cloning tools could be used to bypass a real-world voice authentication system used by their bank. The Motherboard article sums up the danger:
Some banks tout voice identification as equivalent to a fingerprint, a secure and convenient way for users to interact with their bank. But this experiment shatters the idea that voice-based biometric security provides foolproof protection in a world where anyone can now generate synthetic voices for cheap or sometimes at no cost.
The issue has caught the attention of the U.S. Senate. Ohio’s Senator Sherrod Brown, Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, has written to CEOs of large banks to ask how they plan to protect against AI voice fraud. A Vice report says that Senator Brown is asking banks:
…to describe their use of voice authentication services, including whether they are using third-party provided tools; how frequently customers use voice authentication; how the banks respond to breaches due to flaws in voice authentication; and where customer voice data is stored.
Defending against AI voice cloning
Given the uncertainty over which organizations use voice verification tools—and what cybersecurity measures they’re taking to prevent AI voice cloning fraud—we’d make the following recommendations:
- If you’re given a voice verification option at your bank or another business or service you use, ask if there’s a way to opt out.
- Limit the amount of personal information that you disclose on social media—and lock down social accounts so you can’t be found by strangers online.
- Limit online samples of your voice to friends and close contacts on social media. Never make those public-facing if you can help it.
- Use added security measures like 2FA or customer service PINs to protect your accounts.
Apple releases fixes for exploited vulnerabilities
Apple has issued another round of updates for its OSes. Here are the security highlights:
- iOS and iPadOS 16.5 patch nearly 40 vulnerabilities each. For users of older mobile OSes, there were complimentary updates for iOS and iPadOS 15.7.6 as well.
- macOS Ventura 13.4 addresses 50 or so security flaws. There were updates for older versions of macOS too: macOS Monterey 12.6.6 and macOS Big Sur 11.7.7.
- watchOS 9.5 introduces a few new features along with 32 security fixes, while tvOS 16.5 tackles 28 security issues.
These updates all patch vulnerabilities reported as “under active exploitation” by the Apple security community. As such, any user who does not have automatic updates enabled should update their systems immediately.