cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Free voice AI can be used for Centrelink fraud

Voice AI can be used for Centrelink and Australian Taxation Office fraud, and the government needs to reallocate cyber spending to stop it, according to the Greens.

user icon Daniel Croft
Tue, 21 Mar 2023
Free voice AI can be used for Centrelink fraud
expand image

Several Australian government agencies, such as Centrelink and the Australian Taxation Office (ATO), use a voice verification tool developed by Nuance, a Microsoft-owned voice software company. This gives customers the option of verifying their identity through the use of a “voiceprint” to access sensitive information.

However, the software has a significant security flaw that allows individuals to get past verification using a free online voice artificial intelligence (AI) tool with just four minutes of audio.

A report published by The Guardian last week investigated the tool after hearing that the free tool was being used to bypass verification for phone-banking services in overseas countries.

Testing Australia’s own security, a journalist from the Aussie publication was able to access his Centrelink account using the free AI tool to trick the verification system.

The vulnerability of the voiceprint service poses a serious risk, as it has been used by 3.8 million Centrelink customers by the end of February and over 7.1 million ATO customers.

Now, Greens Senator David Shoebridge has said that federal cyber spending should be used to address the issue of AI fraud and misuse.

Shoebridge has called for the federal government to develop a framework to regulate the use and collection of biometrics, as well as for the $10 billion funding allocated to the REDSPICE cyber defence program to be used in part to protect against the misuse of AI.

“The concerns here go beyond the use of AI to trick voiceprint,” said Shoebridge.

“There are few, if any, protections on the collection or use of our biometric data to feed and train corporate AI systems.”

The Greens Senator adds that the use of voiceprint technologies is a cost-cutting method rather than one that improves the security of the Australian people.

“The government’s main objective with the use of such technologies is to cut operating costs as opposed to what is best for the millions of Australians who rely on government agencies and services,” he added.

“These government savings are almost always paid for by Centrelink’s clients.”

Despite The Guardian’s findings, the government agency that oversees Centrelink, Services Australia continues to say that the voiceprint system is secure and safe.

“Every time you use your voiceprint, our system checks your voice against the voiceprint you created. It uses secure technologies to hear parts of your voice that the human ear doesn’t,” it said on the website.

“It’s very difficult for someone to access your personal information. The system can tell when someone is pretending to be you or using a recording of your voice. We won’t give them access to your details.”

Services Australia has said that in the 2021–2022 financial year, 56,000 calls each workday used voice verification, and 39 per cent of calls to Centrelink’s main business numbers made use of voiceprint services.

In addition, 11.4 per cent of all child support calls between August 2021 and June 2022 used the voice verification software, equating to over 450 each working day.

An individual looking to access a Centrelink account using voiceprint technology would also need to have the account owner’s customer reference number. While that number is not readily available to the public, the number can be found in Centrelink correspondence documents and is not as privately protected as passwords.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.