Scientists are working on a way of using the internal orientation sensors in smartphones to defend against efforts to trick voice recognition systems.
As the use of smartphones, wearables and voice-based assistants is on the rise, so is the risk that criminals will try to use those systems to their advantage by impersonating people's voices.
To combat this, devices have automatic speaker verification systems – but research has shown that, while they can pick up human voice impersonation, they are worse at detecting when a person's voice is replayed or distorted, for instance from a recording or in a machine-based impersonation.
This often involves playing the spoof voice attacks through a loudspeaker, and because loudspeakers typically produce a magnetic field, researchers from the University at Buffalo in New York have developed a prototype for software that would turn a smartphone's internal magnetometer into an alert system.
The magnetometer, which is used for the phone's compass, detects magnetic fields, and the researchers argue that this could be used to identify when someone is trying to use a loudspeaker to fool the device's speech recognition systems.
In order to detect the magnetic field, the prototype app – published in a paper [PDF] presented last week at the annual IEEE International Conference on Distributed Computing Systems – requires the source of the sound to be close to the phone, and so uses the phone's mapping algorithm to determine how close the speaker is to the phone's microphone.
"By cross-checking the magnetometer and motion trajectory data, we are able to verify if the sound is produced by a human speaker or a loudspeaker," the scientists write in the paper.
Commenting on the work, Nick Gaubitch, head of EMEA for phone security firm Pindrop, said the paper had interesting ideas from an academic point of view, but stressed that there could "never be one solution to a problem like this".
However, Gaubitch added that addressing the problem of voice spoofing was "pretty urgent" as the voice recognition technology is already being used by consumers and there was a need to boost their confidence.
Brett Beranek, director of product strategy for biometrics at communications software company Nuance, pointed out that there were already a lot of established voice biometrics technologies on the market – although he added that the use of the magnetometer was "intellectually very interesting".
Ian McLoughlin, a computer scientist at the University of Kent, agreed that the use of the magnetometer was a novel idea with "potential for the future", but also flagged up some issues with the solution.
He said attackers could disable the magnetometer in the phone, either through software or more low-tech methods like taking a drill to the device.
"It's an interesting idea, and a nice paper full of experiments, discussion and background detail," he said. "But it's not a complete solution, and could have been explored more thoroughly."
Co-author Kui Ren told The Reg that the team does plan to carry out more experiments on different smartphone models, in order to create a more comprehensive analysis of the impact other factors could have on the performance of the system.
"We will work on improving the performance of our system and provide an app available to users," he said. "We also plan to provide an API of our system so that researchers and developers could use it and integrate it into their own products." ®