Voice Assistants

Episode 103: On the Voice-Controlled Internet, How Will We Authenticate?

Voice based interfaces are growing in popularity, complexity and influence. But securing these interfaces has, thus far, been an afterthought. If we are destined to interact with the smart systems around us using our voice, how exactly will we manage to authenticate to those devices? In this podcast we speak with Ben Rafferty of the firm Semafone about the challenges of securing voice-based systems. Semafone won the recent PAYMNTS.com Voice Challenge with a way to use Amazon’s Alexa voice assistant as an out of band authentication mechanism.

Alexa! Authenticate me! Voice based interfaces are all the rage. Anyone with an Amazon Echo or Google Home device in their kitchen knows that. Combining voice recognition and machine learning technology, these devices allow us to interact seamlessly with the Internet – searching the web or even purchasing products with our voice. Voice makes interacting with e-commerce sites like Amazon frictionless, which is why companies like Amazon love them and see them as the future of computing.

Ben Rafferty of Semafone
Ben Rafferty is the Chief Solutions Architect at the firm Semafone.

That future seems bright. The industry analysis firm IDC predicts that smart speaker sales will increase from $4.4 billion to more than $17 billion in the next four years.

But voice technology isn’t without its flaws. Like any software driven devices, connected products like voice assistants pose a range of security and privacy risks. And current generation voice technologies provide far fewer safeguards than traditional IT assets like laptops, desktops or even smart phones. Notably: they can’t distinguish one user from the next. Walk into your friend’s apartment, eye his Echo and say “Alexa, purchase 50 cases of Mountain Dew,” and you’ve successfully hijacked that friend’s account for your own, nefarious purposes.

[See also: Researchers Warn of Physics-Based Attacks on Sensors]

That raises the question of how exactly authentication should work as voice based interfaces proliferate. Today, amazingly, Echo and Google Home largely ignore authentication, assuming that if you’ve authenticated to your account when you set up your device, that will suffice. That’s a big assumption.

That’s why this podcast episode is focusing on the security of voice based systems: how they might prove vulnerable to attackers and – also- how tools like Amazon Echo might provide a means of enhancing the security of online activity and transactions. Our guest is Ben Rafferty, the Global Solutions Director at the firm Semafone, which sells technology for call centers. His company recently won the 2018 PYMNTS.com Voice Challenge, a contest to use Amazon’s virtual assistant, to solve problems, remove points of friction and add value to the payments and commerce ecosystem.

[You might also like: Opinion: With Internet of Things, Devices become Insider Threat]

In this conversation, Ben and I talk about Semafone’s winning entry – Three Little Words – a solution that allows organizations like banks to use voice based systems as an out of band authentication mechanism for high value transactions. We also talk about the challenges of securing voice based systems.

Check out our full conversation above!

Comments are closed.