IBM researchers uncover AI voice hijacking vulnerability in phone calls

In a new study, IBM researchers have unveiled a method that could fundamentally alter the security landscape of voice communications. Dubbed “audio-jacking,” this technique leverages generative AI tools to hijack ongoing voice calls, posing a significant threat to financial institutions and other entities that rely on phone conversations for identity verification.

The essence of this threat lies in the ability of scammers to use low-cost AI tools to mimic an individual’s voice, allowing them to intervene in live conversations to divert funds or obtain sensitive information. The researchers detailed how this method could be employed by first compromising a victim’s phone with malware or intercepting voice calls through a wireless service. The attackers then use AI to scan conversations for specific keywords like “bank account,” substituting the victim’s spoken information with that of the attacker’s, all in the cloned voice of the victim.

Chenta Lee, IBM Security’s chief architect of threat intelligence, emphasized the breadth of potential misuse, extending beyond financial fraud to altering medical records or influencing stock market transactions. The sophistication of this attack method is underscored by the fact that attackers can clone a voice with as little as three seconds of recorded speech.

Despite the alarming potential, IBM’s experiments also highlighted limitations, such as delays in the AI-generated responses and the varying quality of voice clones. Nonetheless, the advent of such technology signals a new era in cyber threats, making traditional voice verification methods increasingly vulnerable.

To combat this, the report suggests vigilance during phone calls, recommending that individuals paraphrase and repeat statements to confirm their accuracy, a strategy aimed at outmaneuvering the AI’s current limitations in understanding conversational nuances.

As generative AI continues to evolve, this report serves as a critical reminder of the need for advanced security measures and awareness to safeguard against increasingly sophisticated cyber threats.

Sources include: Axios

Jim Love
Jim Love
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web