So some of you might remember this post (and the subsequent demonstration on national news) of using a voice cloning tool (AI, Audio Deep Fake) by @racheltobac

Link to post: https://infosec.exchange/@racheltobac/110963070495263373

(If you haven't seen it, go watch it. Rachel is amazing.)

I'd never needed to do a similar attack before, but! I was just tasked yesterday with researching it.

Asked some friends for a turn-key solution to clone voices. Got pointed to a website. Signed up for $1 a month (first month... then it goes to $5 a month thereafter).

Pulled some audio of my target's voice down from a youtube interview (a podcast works great too).

Only needed a minute's worth of audio.

Uploaded it to the website for cloning.

Typed out a quick script for the voice to read.

30 seconds later, I had my cloned audio.

It was so good, that it even included natural voice inflections AND!!! verbal pauses like umm's and uhh's that matched the target's original presentation. I can't tell the difference between the cloned voice and the original person.

Y'all... voice cloning and audio deep fakes are well past the ease of "script-kiddy" level. Anyone can do it.

#infosec #hacking #socialEngineering #scams #deepfake #AI #phishing #vishing