Technology said to thwart voice phishing scams
10/25/2010 8:33 PM EDT
PORTLAND, Ore.—Researchers at Georgia Tech say they have identified a digital fingerprint hidden within voice signals
that can reveal fraud and thwart voice phishing scams.
When caller ID identifies a trusted caller—like your credit-card bank—it would seem natural during the course of the call to ask you to give your
password for security purposes. Unfortunately, it is relatively easy for criminals to fake caller ID and use the same sort of phishing scams they use on the
Georgia Tech's voice authentication technology can be added onto any phone to positively identify the caller with 100 percent accuracy, according to
professor Mustaque Ahamad, director of the Georgia Tech Information Security Center (GTISC), who worked on the project with professor Patrick Traynor and
doctoral candidate Vijay Balasubramaniyan. Unlike email, which is untraceable, Balasubramaniyan said, audio leaves telltale traces that reveal the order and
type of each network that a voice call must traverse—from state-of-the-art VoIP to wireless cellular to legacy land lines.
Their technique cannot reveal a precise location or IP address, but it can identify trusted callers with whom you have spoken several times before, plus
alert you when the caller's phone does not match what the caller ID says. The system works independently of the telephone with which it is being used and
requires no actions on the part of the carriers or the phone makers. Instead it just "listens for" the embedded signatures in the audio in order to trace
what the researchers term a "call's provenance" (origin and routing method).
"Audio inherently embeds details of the networks it traverses. This is what allows us to determine the provenance of a call at the recipient's end," said
Balasubramaniyan. "For example, when an audio packet is lost on the Internet, it stays lost, but it is not perceptible to the human ear."
Telephone calls are difficult to authenticate today because they are repeatedly
decoded and re-encoded each time they pass through a network gateway.
By compiling these imperceptible audio cues, such as the sound of dropped packets, the researchers have crafted an algorithm called Pindrop, which learns the
unique digital signature of every phone from which you receive calls. After just one phone call, Pindrop can identify the caller with 90 percent accuracy,
according to Balasubramaniyan. Since the system continuously learns, after two calls its accuracy jumps to 96 percent and by the time a fifth call is made,
the researchers say Pindrop has 100 percent accuracy at identifying the caller.
The researchers are also looking to expand Pindrop with built-in capabilities that identify the country of origin of a call even if you have
never received a call from there before. So far they have gained experience in learning the difference between audio call signatures coming from connections
to Australia, India, United Arab Emirates, United Kingdom and France.