Researchers based in Israel and India have developed a defense against automated call scams.<\/p>\n
ASRJam is a speech recognition jamming system that uses a sound modification algorithm called EchoGuard to apply natural audio perturbations to the voice of a person speaking on the phone. It’s capable of subtly distorting human speech in a way that baffles most speech recognition systems but not human listeners.<\/p>\n
The tech is needed because recent advances in machine learning, text-to-speech (TTS), and automatic speech recognition (ASR) have made it quite easy to automatically make phone calls with the intent to scam or defraud.<\/p>\n
These “vishing” attacks \u2013 like email-based phishing but using voice instead of text \u2013 see criminals and scammers use TTS to create a realistic-sounding voice that speaks words they hope will lure victims. If the recipient of a call responds, the crook’s ASR system attempts to convert their vocal response to text, so the back-end model can decipher what was said, devise a response, and conduct a conversation long enough to elicit sensitive information or prompt the victim to take an action.<\/p>\n
Vishing increased 442 percent between the first and second half of 2024, according to CrowdStrike’s 2025 Global Threat Report<\/a>. During the first half of that year, the US Federal Trade Commission said<\/a> that using AI-generated voices for phone calls is illegal.<\/p>\n As Crystal Morin, former intelligence analyst for the US Air Force and cybersecurity strategist at infosec vendor Sysdig, told The Register<\/a> in December 2024, voice-based phishing is becoming harder to detect as AI models get better.<\/p>\n Freddie Grabovski (Ben-Gurion University of the Negev), Gilad Gressel (Amrita Vishwa Vidyapeetham), and Yisroel Mirsky (Ben-Gurion University of the Negev) have come up with a defense against vishing, described in a pre-print paper<\/a> titled “ASRJam: Human-Friendly AI Speech Jamming to Prevent Automated Phone Scams.”<\/p>\n They argue that the ASR component of the scammers’ setups represents the weakest link.<\/p>\n “Our key insight is that by disrupting ASR performance, we can break the attack chain,” they explain in their paper. “To this end, we propose a proactive defense framework based on universal adversarial perturbations, carefully crafted noise added to the audio signal that confuses ASR systems while leaving human comprehension intact.”<\/p>\n The researchers say they believe they’re the first to propose a proactive defense against automated voice scams that’s practical enough to deploy.<\/p>\n ASRJam defends against vishing by running the EchoGuard algorithm in real time on end-user devices. The tool is invisible to attackers, making it more difficult to circumvent.<\/p>\n EchoGuard is also universal \u2013 it works, to varying degrees, against any AI model. It is also zero-query, meaning it doesn’t require sample ASR output to generate an audio perturbation capable of breaking the ASR model.<\/p>\n The authors say that while other ASR jamming techniques have been proposed over the past few years (AdvDDoS<\/a>, Kenansville<\/a>, and Kenku<\/a>), “none are suitable for interactive scenarios; their perturbations, though often intelligible, are perceptually harsh and impractical for interactive scenarios.”<\/p>\n ASRJam is better, they argue, because EchoGuard modifies the voice in three ways: reverberation, microphone oscillation, and transient acoustic attenuation.<\/p>\n By altering sound reflection characteristics, simulating microphone positioning changes, and subtle sound shortening, the researchers claim their method “strikes the best balance between clarity and pleasantness,” based on a survey they conducted with an unspecified number of participants.<\/p>\n