Biometrics authentication are increasingly present in our lives. While biometrics were at first essentially dedicated to access control, they play an increasing role in payment: we are all accustomed now to fingerprints or face recognition for payments.

Google now goes a step further, building upon the built-in capabilities of Google Assistant. The device already included voice authentication used mainly to unlock it. Now, Google adds “Confirm with Voice Match,” a function that uses voice recognition to authenticate users for payments. The company says they have improved the accuracy of their voice recognition routines thanks to longer sentences analysis.

For the time being, the feature, which is in pilot stage, is limited to in-app purchases made through the Google Play store, but once the technology is validated, there is no reason for Google not to expand it to all Google Shopping. This new feature brings additional security to users, for instance preventing their kids to make uncontrolled purchases.

However, the architecture of home assistants still poses a problem. As these devices do not include any secure architecture, all authentication is to be completed on the company’s servers. In other terms, a candidate voice for authentication is to be compared to samples kept on Google servers, leading to think that huge amounts of voice patterns are kept on Google databases, making them a prime target for cyberattacks. Also, nothing is said about data encryption between each Google Assistant and the servers.

With voice synthesis, any hacker either attacking Google servers or wiretapping communications will have all the means to emulate users’ voices impersonating them in always more ways. A first risk is purchases through Google assistant, but this may just be a step towards full identity theft.