AppSec EU 2017 Pentesting Voice Biometrics Solutions by Jakub Kaluzny
https://www.ispeech.org
The era of scratch cards, RSA tokens, SMS codes and different variations of second factor authentication (and authorization) devices is soon to be over. The question is - what will replace current 2-FA methods - smart mobile applications or biometric solutions? And how quickly will the attackers find ways to bypass these methods.
One of the most popular biometric authentication already being widely implemented is voice biometrics. In this talk, expect to learn:
- how to pentest voice biometrics
- tools for automating calls to IVR channels
- how good is a good microphone
- how to fuzz the voice and identify key biometric characteristics and thresholds to bypass the algorithms
- how these kind of solutions compare to standard password metrics
I am sharing my experience of pentesting few voice biometrics systems, fuzzing voice in IVR channels, abusing implementation in mobile apps, and finally, I define security requirements for implementing this kind of solutions
-
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project
2017-05-26 09:46:21
source
Gloss