A connection on LinkedIn recently brought up the point that he believes AI will make Vishing a greater threat against corporations in the future. His argument is based on how AI is making everything easier nowadays. As it improves its ability to communicate with humans, it can become yet another attack vector that is an alternative to traditional phishing, and due to the efficiency of AI it would have a large attack surface. While I work in a warehouse, my job does revolve around working with voice recognition technology and I think he’s wrong.
Training voice recognition software to recognize my voice took a solid half an hour of intentionally repeating a list of specified words. The software says the word, but there’s also a physical list in case you cannot understand what the software is saying. Furthermore, I was told to train the software in a typical work area of the warehouse because it would often fail to recognize my voice otherwise. Lastly, the only words it recognizes are the few I trained the software to recognize with my voice, and sometimes it does not even register when I say those few words.
The reason training software to recognize your voice is both so difficult and limited is that we all speak differently. There are of course regional accents, but medical conditions can switch things up even more for how the end user speaks. Even if the changes are subtle software that analyzes voice patterns is more likely to pick up those subtle differences than our ears. We subconsciously learn to understand people or something, but software does not have that ability. The best we can do is replicate that ability through meaningful and careful analysis. However, AI could likely help speed up the process of splicing together voice patterns.
An old phishing trick is one where the person on the other line records the entire conversation looking for keywords such as ‘yes’, ‘confirm’, and so on. If they have a keyword in your voice they can fool voice recognition systems. A human can carry a conversation more naturally than an AI, and with a large enough sample set they could bypass security measures. However, there is an easy way of getting around this attack. If you do not answer the phone when you do not know the number and make them leave a message you’ll easily avoid this sort of scam. You can also call the business directly whenever you get concerning news supposedly from the business.
If you buy anything from Amazon using the link below I may receive a commission from your purchase at Amazon.
Tech Best Sellers at Amazon