Centrelink and ATO voice identification system complete with security flaws

A security vulnerability has been discovered in a widely-used cloud application, which could put millions of users at risk.
22 March 2023
Image by Tumisu from Pixabay

A Guardian Australia investigation has found that a voice identification system used by the Australian government for millions of people has a serious security flaw.

Centrelink and the Australian Taxation Office (ATO) both give people the option of using a “voiceprint”, along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts.

Services Australia, the department that oversees Centrelink, says the service is “secure, accurate and reliable”.

But Guardian Australia has confirmed that the voiceprint system can be fooled by an AI-generated voice.

Using just four minutes of audio, a Guardian Australia journalist was able to generate a clone of their own voice and was then able to use this, combined with their customer reference number, to gain access to their own Centrelink self-service account.

When Guardian Australia contacted Services Australia with details of the security vulnerability, it declined to say if the voiceprint technology would be changed or removed from Centrelink.

A spokesperson, Hank Jongen, said Services Australia “has the capacity to continually assess risks and update processes accordingly” and that voice ID is a “highly secure authentication method” used by Centrelink.”

- CyberBeat

 

About CyberBeat

CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.

Contact CyberBeat

If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us

Terms & Policies >>

Sponsors

We couldn't do this without the support of our sponsors and contributors.