Seja a primeira pessoa a gostar disto
The era of scratch cards, RSA tokens, SMS codes and different variations of second factor authentication (and authorization) devices is soon to be over. The question is – what will replace current 2-FA methods – smart mobile applications or biometric solutions? And how quickly will the attackers find ways to bypass these methods.
One of the most popular biometric authentication already being widely implemented is voice biometrics. In this talk, expect to learn:
– a systematic approach how to pentest voice biometrics
– tools for automating calls to IVR channels
– how good is a good microphone
– how to fuzz the voice and identify key biometric characteristics and thresholds to bypass the algorithms
– how these kind of solutions compare to standard password metrics
– how easy is it to abuse or bypass voice biometrics
I am sharing my experience of pentesting few voice biometrics systems, fuzzing voice in IVR channels, abusing implementation in mobile apps, and finally, I define security requirements for implementing this kind of solutions.