How One Journalist Used His Own Cloned Voice To Break Into His Bank Account
by Trisha Leigh
Technology is so great. It makes our lives easier in ways we can hardly even count these days, and most of us are grateful for the ease it has brought to our lives. I mean, the more things that save me time, the better.
That said, it does have its downside – and journalist Joseph Cox from Vice may have exposed one when he used it to break into his own bank account.
He was testing the limits of AI voice cloning and created a clone of his own voice to use in a phone call to his bank. An automated voice answered the line of the UK-based Lloyds Bank, asking Cox to state the reason for his call. Using the AI-synthesized sound clip, he directed it to “check my balance.”
The other robot asked for his date of birth, when Cox punched in on the keypad, then asked him to say “my voice is my password.” It was the moment of truth, and after Cox’s voice clone replied “my voice is my password,” he waited (probably holding his breath).
New: we proved it could be done. I used an AI replica of my voice to break into my bank account. The AI tricked the bank into thinking it was talking to me. Could access my balances, transactions, etc. Shatters the idea that voice biometrics are foolproof https://t.co/YO6m8DIpqR pic.twitter.com/hsjHaKqu2E
— Joseph Cox (@josephfcox) February 23, 2023
“Thank you,” the bank’s robot relied before allowing him access to his account.
Cox wrote: “I couldn’t believe it – it had worked.”
And although this was just a test of sorts, there’s no reason to think actual hackers won’t be able to clone their victim’s biometrics to access accounts in the near future.
Cox used a cheap and popular voice-cloning tool from ElevenLabs, so it’s not exactly hard to get or use. He tried a few others that did not fool the security bot before he found the one that worked.
View this post on Instagram
Lloyd’s Bank claims that it’s VoiceID features “analyzes over 100 different characteristics of your voice, which like your fingerprint, are unique to you.”
Clearly, that’s not good enough, so I imagine account holders are going to be careful about relying on it from here on out.
At least, I think I would be.