27 September 2023

You’re the voice: Why Google’s new voice match could be a problem

Start the conversation

Joanna Nelius* says Google is trialling a new assistant voice match feature, but the security details seem a little sketchy.

There are plenty of ways to use your phone to pay for stuff: You can use your face, your fingerprint, a passcode, and, now, simply your voice.

Google has just rolled out a limited pilot program that will let a few lucky people make purchases with nothing but their voice, according to The Verge.

You can only make purchases through the Google Play store and at restaurants, which seems like it could help limit accidental purchases.

Unfortunately, the Voice Match feature is not enabled on my phone, but there is a Google Assistant help page that guides you through the setup process if you think you might have it.

Android Police originally spotted the feature and also provides a (better) step-by-step guide to see if you have it.

This new feature has not been officially announced by Google, but the company did confirm to Android Police that it has officially started a pilot test.

It’s possible Google was going to announce it at its now cancelled I/O 2020 event, which was set to take place in May.

If you are able to get to the setup screen, take special note of Google’s “Keep in mind” message: “Someone with a similar voice or recording may be able to confirm purchases on devices you’re logged into.”

I can see how this feature could be beneficial to individuals with a disability that would make it hard for them to confirm purchases with a fingerprint or a face scan.

However, that warning makes it clear that Assistant Voice Match is the least secure option out of the three.

As Google notes, it could be easy for someone to trick its Assistant into thinking it’s your voice.

It seems like it would be easy and smart to add another security measure like Amazon’s Alexa, which gives you the option to set up a voice-activated PIN number to confirm purchases.

However, there’s a Star Trek: The Next Generation episode that clearly lays out the worst possible scenario for something like that: Data takes control of the Enterprise by mimicking Captain Picard’s voice and locks the entire crew out of the computer with a long numeric encryption.

While I don’t foresee anyone getting locked out of their Google or Amazon accounts in the same way, anyone in your household with a recording of your voice, especially of you saying your PIN, could order something using your stored credit card information.

Voice assistants aren’t that secure in general.

Professionals who deal with sensitive client information have been advised to turn off their smart speakers while working from home.

Google or Amazon employees could be listening in on your recordings, but you’ll have no idea if they actually are or not.

You can always change your credit card and password information if it gets stolen, but you can never get your dignity back if you find out someone has listened to you confirming, ahem, adult purchases.

* Joanna Nelius is a staff reporter for Gizmodo. She tweets at @JLNwrites.

This article first appeared at www.gizmodo.com.au.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.