A Survey of Threats Against Voice Authentication and Anti-Spoofing Systems

Voice authentication has undergone significant changes from traditional systems that relied on handcrafted acoustic features to deep learning models that can extract robust speaker embeddings. This advancement has expanded its applications across finance, smart devices, law enforcement, and beyond. However, as adoption has grown, so have the threats. This survey presents a comprehensive review of the modern threat landscape targeting Voice Authentication Systems (VAS) and Anti-Spoofing Countermeasures (CMs), including data poisoning, adversarial, deepfake, and adversarial spoofing attacks. We chronologically trace the development of voice authentication and examine how vulnerabilities have evolved in tandem with technological advancements. For each category of attack, we summarize methodologies, highlight commonly used datasets, compare performance and limitations, and organize existing literature using widely accepted taxonomies. By highlighting emerging risks and open challenges, this survey aims to support the development of more secure and resilient voice authentication systems.

• Publication year

  2025

• Venue

  arXiv.org

• Publication date

  2025-08-22

• Fields of study

  Law, Computer Science

• Identifiers
  DOI 10.48550/arXiv.2508.16843arXiv 2508.16843
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Convolutional neural network-based detection of audio replay attacks in speaker verification systems

  2025cited by this paper
• Partial Fake Speech Attacks in the Real World Using Deepfake Audio

  2025cited by this paper
• Mitigating Backdoor Triggered and Targeted Data Poisoning Attacks in Voice Authentication Systems

  2025cited by this paper
• SyntheticPop: Attacking Speaker Verification Systems With Synthetic VoicePops

  2025cited by this paper
• DS-TTS: Zero-Shot Speaker Style Adaptation from Voice Clips via Dynamic Dual-Style Feature Modulation

  2025cited by this paper
• Audio Deepfake Detection: What Has Been Achieved and What Lies Ahead

  2025cited by this paper
• Malacopula: adversarial automatic speaker verification attacks using a neural-based generalised Hammerstein model

  2024cited by this paper
• EmoBack: Backdoor Attacks Against Speaker Identification Using Emotional Prosody

  2024cited by this paper
• Securing Voice Authentication Applications Against Targeted Data Poisoning

  2024cited by this paper
• XTTS: a Massively Multilingual Zero-Shot Text-to-Speech Model

  2024cited by this paper
• ControlSpeech: Towards Simultaneous Zero-shot Speaker Cloning and Zero-shot Language Style Control With Decoupled Codec

  2024cited by this paper
• VoiceCraft: Zero-Shot Speech Editing and Text-to-Speech in the Wild

  2024cited by this paper
• Milestones in speaker recognition

  2024cited by this paper
• DMDSpeech: Distilled Diffusion Model Surpassing The Teacher in Zero-shot Speech Synthesis via Direct Metric Optimization

  2024cited by this paper
• Review of Methods for Automatic Speaker Verification

  2024cited by this paper
• Deep speaker embeddings for Speaker Verification: Review and experimental comparison

  2024cited by this paper
• Fish-Speech: Leveraging Large Language Models for Advanced Multilingual Text-to-Speech Synthesis

  2024cited by this paper
• SF-Speech: Straightened Flow for Zero-Shot Voice Clone

  2024cited by this paper
• MaskGCT: Zero-Shot Text-to-Speech with Masked Generative Codec Transformer

  2024cited by this paper
• DiffVC+: Improving Diffusion-based Voice Conversion for Speaker Anonymization

  2024cited by this paper
• Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems

  2023cited by this paper
• OpenVoice: Versatile Instant Voice Cloning

  2023cited by this paper
• SiFDetectCracker: An Adversarial Attack Against Fake Voice Detection Based on Speaker-Irrelative Features

  2023cited by this paper
• Audio Deepfake Detection: A Survey

  2023cited by this paper
• Backdoor Attacks against Voice Recognition Systems: A Survey

  2023cited by this paper
• Breaking Security-Critical Voice Authentication

  2023cited by this paper
• Fake the Real: Backdoor Attack on Deep Speech Classification via Voice Conversion

  2023influential reference
• QFA2SR: Query-Free Adversarial Transfer Attacks to Speaker Recognition Systems

  2023cited by this paper
• Data Poisoning and Backdoor Attacks on Audio Intelligence Systems

  2023cited by this paper
• Neural Codec Language Models are Zero-Shot Text to Speech Synthesizers

  2023cited by this paper
• Adversarial attacks and defenses in Speaker Recognition Systems: A survey

  2022cited by this paper
• Push the Limit of Adversarial Example Attack on Speaker Recognition in Physical Domain

  2022cited by this paper
• WaveFuzz: A Clean-Label Poisoning Attack to Protect Your Voice

  2022cited by this paper
• PBSM: Backdoor attack against Keyword spotting based on pitch boosting and sound masking

  2022cited by this paper
• Freevc: Towards High-Quality Text-Free One-Shot Voice Conversion

  2022influential reference
• A Survey on Data Poisoning Attacks and Defenses

  2022cited by this paper
• Defend Data Poisoning Attacks on Voice Authentication

  2022cited by this paper
• AS2T: Arbitrary Source-To-Target Adversarial Attack on Speaker Recognition Systems

  2022cited by this paper
• A Review of Modern Audio Deepfake Detection Methods: Challenges and Future Directions

  2022cited by this paper
• Grad-TTS: A Diffusion Probabilistic Model for Text-to-Speech

  2021cited by this paper
• Adversarial Transformation of Spoofing Attacks for Voice Biometrics

  2021cited by this paper
• ASVspoof 2021: Automatic Speaker Verification Spoofing and Countermeasures Challenge Evaluation Plan

  2021cited by this paper
• Study of Pre-Processing Defenses Against Adversarial Attacks on State-of-the-Art Speaker Recognition Systems

  2021cited by this paper
• Adversarial Examples Make Strong Poisons

  2021cited by this paper
• Unlearnable Examples: Making Personal Data Unexploitable

  2021cited by this paper
• A review on speaker recognition: Technology and challenges

  2021cited by this paper
• Voiceprint Mimicry Attack Towards Speaker Verification System in Smart Home

  2020cited by this paper
• Voxceleb: Large-scale speaker verification in the wild

  2020cited by this paper
• Practical Adversarial Attacks Against Speaker Recognition Systems

  2020cited by this paper
• Flowtron: an Autoregressive Flow-based Generative Network for Text-to-Speech Synthesis

  2020cited by this paper
• Research finds automated voice imitation can fool humans and machines

  2020cited by this paper
• Glow-TTS: A Generative Flow for Text-to-Speech via Monotonic Alignment Search

  2020cited by this paper
• FastSpeech 2: Fast and High-Quality End-to-End Text to Speech

  2020cited by this paper
• Tandem Assessment of Spoofing Countermeasures and Automatic Speaker Verification: Fundamentals

  2020cited by this paper
• Voice Conversion Challenge 2020: Intra-lingual semi-parallel and cross-lingual voice conversion

  2020cited by this paper
• Adversarial Machine Learning in Image Classification: A Survey Toward the Defender’s Perspective

  2020cited by this paper
• Backdoor Attack Against Speaker Verification

  2020cited by this paper
• One-Class Learning Towards Synthetic Voice Spoofing Detection

  2020cited by this paper
• ASVspoof 2019: Future Horizons in Spoofed and Fake Audio Detection

  2019cited by this paper
• Adversarial Attacks on GMM I-Vector Based Speaker Verification Systems

  2019cited by this paper
• VoicePop: A Pop Noise based Anti-spoofing System for Voice Authentication on Smartphones

  2019cited by this paper
• Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems

  2019cited by this paper
• Adversarial Attacks on Spoofing Countermeasures of Automatic Speaker Verification

  2019cited by this paper
• Detecting AI Trojans Using Meta Neural Analysis

  2019cited by this paper
• DEEPSEC: A Uniform Platform for Security Analysis of Deep Learning Model

  2019cited by this paper
• Adversarial Attacks and Defenses in Images, Graphs and Text: A Review

  2019cited by this paper
• The JHU ASR System for VOiCES from a Distance Challenge 2019

  2019cited by this paper
• Zero-Shot Voice Style Transfer with Only Autoencoder Loss

  2019cited by this paper
• One-shot Voice Conversion by Separating Speaker and Content Representations with Instance Normalization

  2019cited by this paper
• VoxCeleb2: Deep Speaker Recognition

  2018cited by this paper
• StarGAN-VC: non-parallel many-to-many Voice Conversion Using Star Generative Adversarial Networks

  2018cited by this paper
• Trojaning Attack on Neural Networks

  2018cited by this paper
• Fooling End-To-End Speaker Verification With Adversarial Examples

  2018cited by this paper
• Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks

  2018cited by this paper
• Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning

  2018cited by this paper
• CycleGAN-VC: Non-parallel Voice Conversion Using Cycle-Consistent Adversarial Networks

  2018cited by this paper
• AISHELL-2: Transforming Mandarin ASR Research Into Industrial Scale

  2018cited by this paper
• X-Vectors: Robust DNN Embeddings for Speaker Recognition

  2018cited by this paper
• VoxCeleb: A Large-Scale Speaker Identification Dataset

  2017cited by this paper
• Natural TTS Synthesis by Conditioning Wavenet on MEL Spectrogram Predictions

  2017cited by this paper
• Deep Voice 3: Scaling Text-to-Speech with Convolutional Sequence Learning

  2017cited by this paper
• Automatic Speaker Recognition for Mobile Forensic Applications

  2017cited by this paper
• Deep Voice: Real-time Neural Text-to-Speech

  2017cited by this paper
• Deep Speaker: an End-to-End Neural Speaker Embedding System

  2017cited by this paper
• AISHELL-1: An open-source Mandarin speech corpus and a speech recognition baseline

  2017cited by this paper
• Tacotron: Towards End-to-End Speech Synthesis

  2017cited by this paper
• SUPERSEDED - CSTR VCTK Corpus: English Multi-speaker Corpus for CSTR Voice Cloning Toolkit

  2016cited by this paper
• WaveNet: A Generative Model for Raw Audio

  2016cited by this paper
• Librispeech: An ASR corpus based on public domain audio books

  2015cited by this paper
• ASVspoof 2015: the first automatic speaker verification spoofing and countermeasures challenge

  2015cited by this paper
• ASVspoof 2015 : Automatic Speaker Verification Spoofing and Countermeasures Challenge Evaluation Plan

  2014cited by this paper
• I-vectors meet imitators: on vulnerability of speaker verification systems against voice mimicry

  2013cited by this paper
• Applications of Speaker Recognition

  2012cited by this paper
• The NIST speaker recognition evaluations

  2012cited by this paper
• Poisoning Attacks against Support Vector Machines

  2012cited by this paper
• TIMIT Acoustic-Phonetic Continuous Speech Corpus

  2012cited by this paper
• Front-End Factor Analysis for Speaker Verification

  2011cited by this paper
• Detecting Replay Attacks from Far-Field Recordings on Speaker Verification Systems

  2011cited by this paper
• Voice Biometrics

  2011cited by this paper
• The Kaldi Speech Recognition Toolkit

  2011cited by this paper

• Vulnerabilities of Audio-Based Biometric Authentication Systems Against Deepfake Speech Synthesis

  2026cites this paper