Security News

Is voice cloning a security threat?

Plus, the Ring doorbell gets a security upgrade and Xbox gives parents more spending control

Advances in voice cloning have brought computer-generated audio to a level the BBC reports “is now said to be unnervingly exact” and that some experts believe may constitute a substantial security hazard. The AI-led technology learns and adapts on its own, and it has evolved greatly over the past few years. The newest iterations of the software can assimilate not just one’s accent, but also their timber, pitch, pace, flow of speaking, and breathing. Moreover, the cloned voice can be manipulated to express a range of emotions including anger, fear, happiness, love, or boredom. 

While this new tech offers some benefits, particularly for those unable to talk, the other side of the coin is the security risk. “Vishing, or voice phishing, is a reality and is happening,” commented Avast Security Evangelist Luis Corrons. “With voice cloning, attacks could get more sophisticated, spoofing someone’s voice in conjunction with a BEC attack, for example.” Some governments and law enforcement agencies, like Europol, are looking into the development of new technology that can detect deepfakes like synthetic voices. 

Amazon responds to feedback, provides end-to-end encryption

For years, privacy advocates using Amazon’s Ring doorbell have been requesting an option that would encrypt their video streams and keep them private. This week, their request was granted as Amazon rolled out Video End-to-End Encryption (E2EE), an optional privacy feature that gives an extra layer of protection to some Ring models. It is not compatible with the company’s most popular, least expensive doorbell, however. Without E2EE, a user’s Ring videos can be viewed by any hacker who cracks into Ring’s system. For more on this story, see ZDNet. For more information on the personal data collected by Ring, see this post by Avast’s own Emma McGowan. 

Xbox responds to feedback, gives parents spending control

Since launching Xbox Family Settings last year, one of the top pieces of feedback Xbox received from parents was to include options that track and manage their children’s spending. This week, Xbox addressed that feedback in a blog post that announced several new money management features in Family Settings. Parents can now set spending limits, view their children’s balance, view spending history, and receive notifications any time their children want to make a purchase with insufficient funds. Xbox Family Settings is an app available for iOS or Android. For more on this story, see PCMag

Hacker group attacks SolarWinds with zero-day exploit 

Microsoft Threat Intelligence Center (MSTIC) reported a zero-day remote code execution exploit being used to attack SolarWinds, the Austin-based IT software and monitoring company. MSTIC did not say which SolarWinds customers were targeted, but it did say that the group behind the attack was based in China and had been observed in the past to attack the industrial defense center of the U.S. and software companies. MSTIC says it detected the zero-day attack during a routine investigation where it observed a malicious process spawning from SolarWinds’ Serv-U process. MSTIC alerted the company, and SolarWinds quickly issued a patch. For more, see Ars Technica

Verification scams on social media expected to increase

According to CNET, social media verification scams, which have been around for several years, are expected to grow as more and more people endeavor to build brands on social media platforms. Account verification began as a way to authenticate accounts deemed to be of public interest, but verification badges have morphed into status symbols. Scammers are offering easy verification on Facebook, Twitter, and Instagram for a fee, oftentimes asking users to fill out fake verification forms that mine for personal info and passwords. Users are advised to be wary of any third-party’s promise to grow their followers and provide account verification. 

This week’s ‘must-read’ on The Avast Blog

Since the beginning of 2021, there has been a rise in the prevalence of crypto-related phishing sites in certain parts of the world. The rise of these fraudulent sites is higher in countries where cryptocurrency adoption is most prevalent. In our latest research, Avast Threat Labs have monitored a selection of 37 samples — read up to find out more about our findings.