Winter March 1, 2023 8:43 AM

That is a very active field of research:
Automatic Speaker verification Spoofing and Countermeasures Challenge

Concerns regarding the vulnerability of automatic speaker verification (ASV) technology against spoofing can undermine confidence in its reliability and form a barrier to exploitation. The absence of competitive evaluations and the lack of common datasets has hampered progress in developing effective spoofing countermeasures. This paper describes the ASV Spoofing and Countermeasures (ASVspoof) initiative, which aims to fill this void. Through the provision of a common dataset, protocols, and metrics, ASVspoof promotes a sound research methodology and fosters technological progress. This paper also describes the ASVspoof 2015 dataset, evaluation, and results with detailed analyses. A review of postevaluation studies conducted using the same dataset illustrates the rapid progress stemming from ASVspoof and outlines the need for further investigation.

Winter March 1, 2023 9:57 AM

The 2021 ASVspoof challenge was about deep fakes:


ASVspoof 2021 is the forth edition in the series of bi-annual challenges which aim to promote the study of spoofing and the design of countermeasures to protect automatic speaker verification systems from manipulation. In addition to a continued focus upon logical and physical access tasks in which there are a number of advances compared to previous editions, ASVspoof 2021 introduces a new task involving deepfake speech detection. This paper describes all three tasks, the new databases for each of them, the evaluation metrics, four challenge baselines, the evaluation platform and a summary of challenge results. Despite the introduction of channel and compression variability which compound the difficulty, results for the logical access and deepfake tasks are close to those from previous ASVspoof editions. Results for the physical access task show the difficulty in detecting attacks in real, variable physical spaces. With ASVspoof 2021 being the first edition for which participants were not provided with any matched training or development data and with this reflecting real conditions in which the nature of spoofed and deepfake speech can never be predicated with confidence, the results are extremely encouraging and demonstrate the substantial progress made in the field in recent years.

Basically, the lesson seems to be that what AI can fake, AI can detect.

Papa Loves U March 1, 2023 10:26 AM

Just like one should treat an/any endpoint; reduce/minimize/eliminate(where possible) bells & whistles or the “attack surface” – those purdy, shiny thingies you CAN live without. Time to begin treating your automated home like an endpoint because that’s what’s become with all IoT being all over the place. Just like one of the regulars here (Clive Robinson) keeps repeating himself right here on this blog – year after year, by giving you the best advice you can possibly get (for free, mind you) – compare the risks vs. benefits (trade-offs), among other things, and go from there. Communism too works wonders in theory and on the paper…

Vesselin Bontchev March 1, 2023 10:52 AM

Hi, this is your bank.

Your voice has been compromised, please change it. Make sure you use both high- and low-pitched sounds and at least 7 vowels.

lurker March 1, 2023 12:44 PM


A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.

A reporter used a rubber cast of his own fingerprint to fool his company’s biometric door lock.

A publicly accessible piece of biometrics was duplicated sufficiently accurately to fool a system that had not considered this a risk. What’s new here?

Security is a balance of risks and rewards. Good security is hard to do.

TimH March 1, 2023 1:23 PM


What’s new here?

What isn’t new is that banks will refuse to accept a voice-validated fraud incident. Prof. Ross Anderson has published papers (and been expert witness) on banks refusing to acknowledge security flaws, and insisting against plain evidence that it were the customer wot dun it, not fraud and their responsibility.

lurker March 1, 2023 3:27 PM


What’s also new is that banks have abandoned centuries of insistence on face to face meetings and ink on paper documents, and are falling over themselves in a rush to be swallowed by new-fangled technology. Most are now making it impossible for a customer to present themself at an office of the bank, complete with identifying instruments, to conduct banking business. This refusal to engage with their customers must invite fraud, and transfer some of the blame onto the banks.

Clive Robinson March 1, 2023 5:30 PM

@ TomH, lurker, ALL,

Re : Extetnalising risk.

“What isn’t new is that banks will refuse to accept a voice-validated fraud incident. “

It’s a bit more than “dumb bank directors” it’s a very deliberate policy that they call “customer convenience” but in reality is “5h1t1ng on the customer any which way they can”.

For the sake of making more profit, banks are selling off their realestate holdings you call bank branches, sacking the staff and replacing them with ludicrously insecure digital systems.

They know without any doubt that fraud will rise and rise a lot, probably as a significant petcentage of their actuall turn over not their profit, where it will be a real hit.

When you look at bank behaviour since bank cards started over half a century ago, bank behaviour has been,

1, Get more customers.
2, Put all risks on the customer or other party such as merchants.

The later is based on two things,

3, The customer is least able to defend themselves.
4, Judges are stupid enough to believe the banks lies.

In fact in most places the “Bank Ledger Legislation” makes any old nonsense a bank prints out legal evidence, no matter how false you can show it to be.

Worse their legal representatives knowingly lie in court. If challenged they say it’s what they have been informed of by “their client”… They then try every trick possible from stopping, naming any individual, or having any individual made available to testify in person under oath.

They will also find every excuse to make the case more expensive for the harmed party under a “crush them in debt” policy. Where even if you were to win you will have more court costs than you will make from winning your money back.

These are all standard tactics, judges know the banks are doing it yet they alow them to do so.

Even where there is legislation supposadly protecting a customer, the banks will “time it out” that is they will say you have to notify them of fraud within 48hours or some such, knowing full well you have close to zero chance of being able to do so. You can call it “victim blaiming” but actually it’s a very very deliberate policy of “Victim Victimization” under a “Might is always right” policy…

I could go on at length but the legislation and regulation is different in nearly every jurisdiction and covers thousands of pages. So all the specifics in any one place are near impossible for any individual to know, and that includes,

1, Legislators.
2, Judges.
3, Lawyers.
4, Ordinary individuals.

Banks however have very large teams of specialists, and it won’t be long before they start using AI etc to find more ways to “Victimize by policy” which they will call “Customer Convenience” and tell legislators “That’s what the customer wants” when actually that is at best based on surveys that have been deliberately fixed to give a desired result.

But hey that’s “Freemarket Capitalism” at work thanks to Ronnie Reagun and Maggie Thatcher back in the 1980’s when they got rid of so much very necessary legislation going back centuries if not millennium, remember the turning over of the money lenders tables in the bible tells you just how long the bankers have been at it one way or another. Also one of the reasons what is sometimes called “Arab Banking” or “Islamic Financr” exists[1]. Which on paper looks good but in practice…

[1] Technically it is “Sharia-compliant finance” and complies with Sharia (Islamic law). It is banking or financing activity that is regulated by what is religious law. However Islamic banking and Islamic finance is these days jusy as full of abused loop holes as Western Banking… Only the claim is deity is right therfore you must be wrong, which is just a variation on the “King Godhead Game” of “Might is right”.

Ted March 1, 2023 6:03 PM

Oh darn (or yay)… ElevenLabs is now requiring at least a paid monthly subscription to do ‘Instant Voice Cloning.’ The Starter+ subscription is $5 a month.

JG4 March 1, 2023 9:17 PM

What’s the dog’s name? | Terminator 2 : Judgment Day 4k (Remastered)
The Gamer And Videos 13.2K subscribers
13,979 views Oct 13, 2020

“What’s wrong with Wolfie? I can hear him barking.”
“Nothing Honey. Wolfie’s fine.”

“Both of your parents are dead.”

lurker March 2, 2023 12:49 AM

@Clive Robinson, All
“since bank cards started over half a century ago”

Hmm, it might have been a little earlier than that, when they started to replace their card index ledgers with “computers”. I had one of the earliest MICR cheque books in NZ in the late ’60s, but most of the small branches couldn’t afford the readers, and cheques were couriered into big cities for processing. An urban myth of the time suggested that a certain brand of ballpoint pen had magnetic ink. I never investigated the truth of that, but OCR readers soon became affordable, and not having magnetic ink must have been cheaper too.

The problem appears to be that the banks make a unilateral change in their behaviour, then when things go wrong they refuse to a) pick up the tab; and/or b) admit they made a mistake. One benefit of cyclones taking out power and internet is that cash became king again.

SM March 2, 2023 2:52 AM

This was considered in another bank, apparently it had other layers like checking the caller ID.

The guy looking at this commented that a quick Google search allowed him to find places to spoof the caller’s id. Given how easy was also to mimick the voice of somebody else. The report was quite negative and as far as I understood was not adopted.

What surprised me at the time was how it seemed like a good idea: making it easier for customers to log in without the need for them to remember those pesky passwords.

Also, I think that the bank that offers this, is doing it for his select customers.

Winter March 2, 2023 4:22 AM


Worse [bank’s] legal representatives knowingly lie in court.

I have seen some of these things been disappearing overnight with a simple law stating the bank has to prove the client to be in error.

There were ATM’s that with stuck paper money that came out the next time. I heard the banks claiming it was the customer, but I had seen it happening (I returned the money to the customer before me). Then a judge told them “your ATM, your problem” and the problem was solve at lightening speed.

Around the 2008 financial crisis, many people were sold risky products they did not understand well enough. Also, banks were doing all kinds of transactions they charged the clients for without there being any objective need for that. Then the courts expanded duty of care to include that and these practices stopped quite fast.

Matt Palmer March 2, 2023 5:40 AM


It demonstrates the core reason why biometrics should not be used for authentication. You cannot change you if it becomes possible to spoof the biometric. And they keep getting spoofed.

They are fine for identification, just not authentication.

Clive Robinson March 2, 2023 6:47 AM

@ Matt Palmer,

Re : Biometrics are a failure and always have been.

“biometrics should not be used for authentication.”

True for many reasons, not just,

“You cannot change you if it becomes possible to spoof the biometric.”

Again true, but you’ve missed the point they have always been possible to spoof to some degree, it’s why “impersonators” have been able to earn a living for centuries if not multiple millennia.

You incorrectly imply with,

“And they keep getting spoofed.”

That there is some safe period in which they can be used before techniques via technology advance.

Hence you say,

“They are fine for identification, just not authentication.”

When the reality is they are fine for neither identification or authentication, and never realy have been.

What has happened in actuall fact is bio-metrics have always failed the only question has been,

“To what degree?”

In practice the answer to that has always been,

“As much is needed to fool the techniques and technology prevelant at any given time”.

Thus “sales and marketing” to make money went in for “specmanship” and created the equivalent of an “arms race”. Where they make faux claims about how the increased resolution of their test measurments will beat the known attacks.

The attackers take one of two basic approaches in response,

1, They improve the resolution of the fakes.
2, They exploit weaknesses in the tests.

I’ve shown in the past that it was possible to beat a DNA test because of a weakness in the test proceadure.

I was told by many that I was wrong, did not know what I was talking about, etc, etc. Then an Australian researcher publishes a paper detailing the exact fault I had identified and all of a sudden people started going on with,

“Shock horror, why was this not seen?”

Well it was. Likewise I had worked out when not even a tenager how to fake finger prints with the red wax from Edam Cheese to make a mould, WD40 as a mould release and Copydex rubber solution glue as the fake skin. Again even though I had demonstrated this, I was told I did not know what I was talking about, and ended up getting sacked for demonstrating it (sales and marketing did not want their faux claims reviealed). As it turns out I should have just pointed them to a Sherlock Holmes story (The Balham builder). Where the use of hot sealing wax was used as an example of making the mould.

Do you remember the nonsense over BadBIOS, where I and @RobertT both described exactly how you would do it with acoustic networking. A technology that had been developed for PIM’s and such like in the 1980’s as an advance on storing data on audio cassets. Again we got told we did not know what we were talking about… Then a couple of students published a paper about an experiment in a corridor, and all those neigh sayers are suddenly experts…

The only bio-metric I’ve not been able to bypass is the mapping of structures in the human eye. Not because I don’t think it can be done, nor because I don’t have several good ideas of how to do it. No my reason is I do not want to take the risk of damaging mine or other peoples eyes in the process.

Such morals and ethics are not an issue for nearly 20% of the population from which criminal activity especially violence arises from.

Thus I deem it highly likely some people already know exactly how to bypass retina and iris recognition systems…

So bio-metrics are or will quickly be usless for identification and that includes DNA which is supposadly “the gold standard” but in reality is nothing of the sort for various reasons.

The thing is those reasons in a more general form apply to nearly all “super dupper new” methods of forensics, as we see they come along people get convicted on them, then the supposed science is found to be nothing of the sort and in many places –but not the USA in general– peoples convictions get overturned … And what happens? Those in authority look the other way, especially when the next quack-system comes along…

But hey “As long as justice is seen to be done” who cares if it’s not justice, just grandiose pantomime… It’s exactly the same with bio-metrics for identification (which forms the first step in authentication). As long as their is an expensive box to absolve responsability who cares that it’s all very nearly a nonsense?

@ ALL,

In multifactor authentication, we realy should drop the,

“Something you are”

It’s a totally busted idea that is just pushed by money making schemes based on faux techniques and a lot of idiot arguments, that at best are based on measurment disparity that never survive the test of time…

Clive Robinson March 2, 2023 8:06 AM

@ Winter, ALL,

“I have seen some of these things been disappearing overnight with a simple law stating the bank has to prove the client to be in error.”

And that’s the first hurdle where all payed for legislators fail to get over.

The banking and finance industries get away with so much because they fund the legislators one way or another, and the legislators do what was observed by Upton Sinclair, oh about a century ago made famous as,

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

Matt Palmer March 2, 2023 8:54 AM

@Clive Robinson

Your analysis is of course more fully developed than mine 🙂

I wasn’t implying there was any safe period, just that there is a fundamental flaw with the whole concept – that once spoofed (which I agree they pretty much always are), they become worse than useless.

I would say that they are potentially useful for some identification purposes though. A user name is easy for anyone to type in and is not typically secret. Biometrics would only be providing convenience in this situation; there would still have to be a fall back user name in case of biometric failure (false negatives). So not exactly a huge win, but not actively harmful as far as I can see.

For the use case of forensic identification of people (e.g. DNA tests), there are certainly problems. They may be useful as a first step in an investigation, but I agree they should not be relied upon in court.

JG4 March 2, 2023 9:05 AM

I sent the underlying article to Bruce a long time ago. Long before “AI” could clone your voice from three words, there were people who could do it from not many more:

Matthew Weigman – Schneier on Security
Matthew Weigman. Fascinating story of a 16-year-old blind phone phreaker. One afternoon, not long after Proulx was swatted, Weigman came home to find his mother talking to what sounded like a middle-aged male. The man introduced himself as Special Agent Allyn Lynd of the FBI’s cyber squad in Dallas, which investigates hacking and other …

I thought that I pointed out that Weigman’s visual cortex was repurposed to analyzing sound, which frequently occurs in those born blind. They can’t hear any better, but they can extract far more information. This may be another search fail:

No results found for “visual cortex”

I would have pointed out at the same time that I know a gifted writer and thinker whose vision was very poor the entire time he was in grade school. I never thought to ask about his ability to mimic voices. His visual cortex was repurposed to words and their meanings. Late in the game, he got glasses and could see the chalkboard for the first time. He has done very well with reading, writing and meaning ever since. He is utterly unable to visualize in his mind. The term of art may be aphasia.

No results found for aphasia

I am sure that I have recounted previously what made me rabid enough to hang around here. Our “health” insurance company emailed all of the employees’ social security numbers, birth dates, and various other “identity” information in a beautifully encrypted email. With the password in the unencrypted header. It isn’t important what year that was. The most disturbing part is that is HIPAA compliant. Almost equally disturbing is how stupid they are. I would happily burn them at the stake.

One solution to the ubiquity of “identity” information is to make encrypted versions signed with suitable passwords that are user specific – i.e., tied to the company who will receive it for one intended use. That would have the positive effect of making it easier to find leaks, when it shows up on the dark web. Not entirely unrelated to water-marking a photo.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.