Thursday, May 16, 2019

BSidesTLV - Proud Supporters




This year, Telspace Systems had a goal of giving back as much as we could to the information security community. This ranged from internships, research, free workshops, community based sponsorships and free training.

In line with this, we're very proud to announce that we'll be sponsoring BSides Tel Aviv 2019 (https://bsidestlv.com/), which will be hosted at Tel Aviv University, Israel.  We are very proud of the local community in Israel, and are happy to be supporting our friends and colleagues through our sponsorship of the conference as well as providing our Ethical Hacking 101 training course.

It also gives us great pride and joy to announce that we will be giving back 100% of the proceeds of our workshop to the local BSides TLV community, which is in line with our 2019 goals. We hope to see more companies doing this in order to grow the information security space worldwide and give back as much as possible to our amazing industry.

For more information about our training that we will be offering in Tel Aviv, click here:

https://bsidestlv.com/workshops/ethical-hacking-101/ . 

Registration for BSides TLV can completed at https://bsidestlv.com/register-2019/ .

We hope to see you there!

Wednesday, May 1, 2019

Put Words In My Mouth



Put Words In My Mouth | Telspace Systems Intern Research
By Amy ManiĆ 


Money has been withdrawn from your account.

You don’t remember making, or authorising that transaction.

When you follow up with the bank, they say you called earlier and requested the transfer – it was, after-all, you speaking – right? Unbeknownst to you, your voice was stolen, and so was your money.

With the rise of voice authentication biometrics, so too will the opportunities to spoof it. Text-to-Speech APIs are constantly improving, for example, Google’s technology is able to create voices that are indistinguishable from recordings made by the real-life human speaker.

Threat actors have access to a target’s voice recordings through passive channels such as YouTube videos, social media posts etc.  More active / invasive channels an attacker could use would be to compromise vulnerable IoT devices which are becoming more common place throughout homes and offices. Social media posts and IoT devices would allow threat actors to listen to a voice, capture and then manipulate it (all using free online tools).

So what exactly can be done with a ‘stolen’ voice? This research explores the vulnerabilities in IoT devices, the legal landscape surrounding these devices and the various voice cloning, authentication and recognition software currently available. The report culminates by examining the possibilities of banking fraud, by using voice-spoofing to bypass authentication and transfer funds. The report includes a demonstration of the simulated attack on a bank.

Download the full Telspace Systems research paper here which was written by Amy: 
https://github.com/telspacesystems/intern-research/blob/master/A%20MANIA%20-PUT%20WORDS%20IN%20MY%20MOUTH%20-%20FINAL(Voice%20Spoofing).pdf