This has a simple fix, disable the option during setup Credit: Maurizio Pesce Using your voice to unlock a phone sounds cool, but for some security professionals that’s a security trade-off they’re unwilling to make.On Tuesday, one researcher discovered the downside of the Trusted Voice feature on Google’s Pixel that could put devices at risk. The problem is, this feature is enabled by default, which is a change from previous releases.Dave Kennedy, the founder of TrustedSec and Binary Defense Systems, as well as the author of the Social Engineering Toolkit, discovered that he could play a recording of his own voice and use it to unlock his Google Pixel.He isn’t the first to discover this, but the topic is worth revisiting. One of the concerns surrounding this feature is that someone who isn’t familiar with the phone’s settings could use their new Pixel for work. Any sensitive documents or data on the device could then be obtained with little to no effort on the part of an attacker.It isn’t hard to record someone saying “OK Google” or possibly edit a recording of those two words together in order to unlock a device. It’s worth noting that Trusted Voice has been around almost as long as “OK Google” has, as far as features on Android are concerned. However, not all devices support this function.In other versions, the option was disabled by default, but that isn’t the case on new Pixel devices. Google does offer a warning during setup, but many consumers will overlook this in favor of finishing the process so they can use their device.On the screen where Trusted Voice is enabled, Google says the feature “can be less secure.”“A similar voice or a recording of your voice could unlock your phone. But after one attempt, you must unlock your phone another way,” the warning states.The one-and-done aspect of this login attempt is a decent protection scheme, but again – it doesn’t stop someone from simply recording a person using this feature as normal, and playing it back later.Kennedy posted a video showing Trusted Voice in action. If this feature is a concern, the fix is rather basic.Go into settings (within the Google App, press the menu icon at the top left of the screen). From there, go to Voice, and disable “OK Google” detection. If Trusted Voice is disabled, the user will be prompted to unlock the device each time “OK Google” is used with the screen lock enabled.Again, this isn’t a massive vulnerability, or earth shattering security problem. It’s a trade-off between security and convenience. But it’s a feature that administrators should be aware of as new Android devices enter the workplace. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe