Fake It Until You Make It: Using Deep Fakes to Bypass Voice Biometrics
Discovery & Impact
We were tasked with bypassing a voice biometric system for a Fortune 500 company, which had defenses in place to detect deep fake voices. In the end, we successfully bypassed their authentication system during a red ream test using machine learning and deep fake research.
The relative ease of this attack process combined with the constant advancing nature of deep fake research and machine learning programs leads us to believe that in the next decade, this technology will rapidly improve and attacks like this will become more common.
Remediation Outcome
We presented our findings and advised the organization against using this form of authentication until they could retest and prevent illegitimate authentication.
We performed research on various existing machine learning programs that allow deep fake creation. We used Coqui TTS.
First, Alex set up the program. This was a difficult and time-consuming task as the dependencies were incredibly inconsistent and often conflicted.
Alex then recorded his own voice for sample training data using Mimic Recording Studio.
Next, the training was configured and monitored to ensure it was learning effectively.
Alex synthesized audio for the final deep fake attempt.
He set up the voice biometric system using Alex’s real, legitimate voice. The phrase that we had to say was “Please authenticate me with my voice.”
Now begins the fun. Alex began the attack using the deep fake.
The Rapid Evolution of AI Voice Cloning and its Implications for Cybersecurity 
Fake It Until You Make It: Using Deep Fakes to Bypass Voice Biometrics 
EPISODE 01 – Inside the Mind of a Social Engineer