Voice changing software for penetration testing

securityWhen conducting penetration testing, it’s common to conduct at least a minor social engineering vulnerability assessment over the telephone. If your security organization is short on voice actors or if one of your team needs to talk to a known associate at length, voice changing software can prove to be useful.

Social Engineering

When I performed social engineering vulnerability studies, it was common for my first story to fail to get the proper information required for access or privilege escalation, forcing me to call back later with another story, and often try to get information from the same person that I last spoke with. I’m limited to two voices that I can pull off myself. Besides my normal speaking voice, I do a decent Indian accent, but it’s difficult for me to change the pitch or timbre of my voice.

After two attempts, I have to recruit someone else to make further calls. This can work okay, provided that the other people on your team are also skilled in manipulation and can be or are willing to be pulled off of whatever they’re working on.

I’d never really considered voice changing software before, because I didn’t want to sound like the guy in the “Scream” movies, or like the anonymous telephone caller that one hears in movies using the obviously computer altered voice. Those obviously distorted voices would likely prove worthless when trying to fly under the radar, so to speak, and gain someone’s trust.

However, that changed last year when a good friend of mine came to me with a technical problem. We’ll call that friend “Bob”, just for this story. Bob had suspected that his boyfriend was cheating on him, for a second time. We’ll call his boyfriend, John.

Why Voice Changing Software?

Bob had caught John logging into an online hookup site where the two of them had first met. John claimed that he was just on there to chat. Suspicious, Bob created a fake profile on the hookup site, and started messaging John as “Dave” to see if John was telling the truth. Soon, John wanted to move the conversation with “Dave” to the phone, partially because he thought that Bob might be setting a trap for him.

Bob’s fake profile, Dave, needed to talk to John on the telephone. Bob had to be Dave, because only Bob knew Dave’s back story, and so the technical problem that Bob asked me for help with was that Bob needed to change his voice on the phone to sound like someone else.

Finding the Right Technology

AV Voice Changer Software
AV Voice Changer Software

I started downloading various applications to try them out. I started with Skype Voice Changer, which is an open source project intended to extend on Mark Heath’s MSDN CODING4FUN article with the same name. I played with this program for quite some time, but was completely unable to get it to work, let alone change my voice.

I tried every program that I could find, but I don’t remember all of them. I do remember trying out Screaming Bee’s MorphVox, only because it didn’t clean itself up very well after uninstalling it and my friend’s computer still had a “Screaming Bee” folder in his Start menu for awhile afterward.

I remember though that a lot of the different programs had similar interfaces and I would almost say that they had all started as the same program and had been branched. The program that I ended up trying that had good results was called AV Voice Changer Software from Audio4fun/Avnex. This company offers three versions of the software, but their lowest end model at $29.95 worked fine for our purposes. Although it came with less presets, I found that none of the presets were usable anyway.

Most of the voice changing software that I tried claimed to allow one to sound old, young, male, or female. However, none of the voices were believable. They all sounded obviously digitally distorted.  The best way to sound like someone else, and to keep the voice sounding human, was to make slight changes to the settings. A slight adjustment of the pitch, and the timbre had the best effects. Additionally, adjusting the frequency of the output was necessary in the streaming settings to soften the voice and get rid of the robotic sound.

Operation Dave

After a lot of tweaking, we found a voice for Dave. When playing back a recording of Bob speaking through the voice changing software, I wasn’t able to identify the voice as belonging to Bob. I doubted that his boyfriend would be able to either, and I was correct. Bob purchased some calling minutes on Skype, we connected the voice changing software to Skype’s input and output, and did some tests. After a few tests to make sure it worked, Bob called John’s cell phone and talked to his own boyfriend for almost an hour as Dave, without John knowing.

Unfortunately, John was not only willing to cheat on Bob with “Dave”, but was eager to.

This type of software should prove handy to organizations doing social engineering assessments over the telephone as part of their penetration testing.

Some Caveats and Samples

Note that if one has a distinctive speech pattern or accent, one is unlikely to get very good results with voice changing software. One will also want to ensure that one words sentences a little different than one would normally.

IMPORTANT: Contrary to what is on their web site, Avnex/Audio4fun has a crippling anti-piracy activation process which prevents one from upgrading any hardware in one’s computer without losing the software activation, and encountering problems with the software until one purchases it again. Additionally the software may be contacting a remote activation server each time it is ran. I have not yet had a chance to audit the software. The inability to transfer the license to another computer, or even upgrade the hardware of the computer that it’s licensed to, will make AV Voice Changing Software difficult to include in many organizations’ penetration testing or social engineering toolkit.

Three files are available below. A voice recording of Bob, one of Dave, and the settings file from AV Voice Changer Software.


Leave a Reply

Your email address will not be published. Required fields are marked *