February 4, 2024 In a new study, IBM researchers have unveiled a method that could fundamentally alter the security landscape of voice communications. Dubbed “audio-jacking,” this technique leverages generative AI tools to hijack ongoing voice calls, posing a significant threat to financial institutions and other entities that rely on phone conversations for identity verification.

The essence of this threat lies in the ability of scammers to use low-cost AI tools to mimic an individual’s voice, allowing them to intervene in live conversations to divert funds or obtain sensitive information. The researchers detailed how this method could be employed by first compromising a victim’s phone with malware or intercepting voice calls through a wireless service. The attackers then use AI to scan conversations for specific keywords like “bank account,” substituting the victim’s spoken information with that of the attacker’s, all in the cloned voice of the victim.

Chenta Lee, IBM Security’s chief architect of threat intelligence, emphasized the breadth of potential misuse, extending beyond financial fraud to altering medical records or influencing stock market transactions. The sophistication of this attack method is underscored by the fact that attackers can clone a voice with as little as three seconds of recorded speech.

Despite the alarming potential, IBM’s experiments also highlighted limitations, such as delays in the AI-generated responses and the varying quality of voice clones. Nonetheless, the advent of such technology signals a new era in cyber threats, making traditional voice verification methods increasingly vulnerable.

To combat this, the report suggests vigilance during phone calls, recommending that individuals paraphrase and repeat statements to confirm their accuracy, a strategy aimed at outmaneuvering the AI’s current limitations in understanding conversational nuances.

As generative AI continues to evolve, this report serves as a critical reminder of the need for advanced security measures and awareness to safeguard against increasingly sophisticated cyber threats.

Sources include: Axios