A voice identification system used by the Australian government for millions of people has a serious security flaw, a Guardian Australia investigation has found.
Using just four minutes of audio, a Guardian Australia journalist was able to generate a clone of their own voice and was then able to use this, combined with their customer reference number, to gain access to their own Centrelink self-service account.The voiceprint service, described as the “digital representation of the sound, rhythm, physical characteristics and patterns of your voice”, was used by 3.8 million Centrelink clients as of the end of February, and more than 7.
When Guardian Australia contacted Services Australia with details of the security vulnerability, it declined to say if the voiceprint technology would be changed or removed from Centrelink. “If we identify unusual circumstances in how customers use our authentication systems, we apply additional tests to confirm a caller’s identity.”