I'm a computer science professor, and my area of expertise is computer and information security. When I was in graduate school, I had the opportunity to overhear my grandmother describing to one of her fellow senior citizens what I did for a living. Apparently, I was in charge of making sure that no one stole the computers from the university. (Laughter) And, you know, that's a perfectly reasonable thing for her to think, because I told her I was working in computer security, and it was interesting to get her perspective.
But that's not the most ridiculous thing I've ever heard anyone say about my work. The most ridiculous thing I ever heard is, I was at a dinner party, and a woman heard that I work in computer security, and she asked me if -- she said her computer had been infected by a virus, and she was very concerned that she might get sick from it, that she could get this virus. (Laughter) And I'm not a doctor, but I reassured her that it was very, very unlikely that this would happen, but if she felt more comfortable, she could be free to use latex gloves when she was on the computer, and there would be no harm whatsoever in that.
I'm going to get back to this notion of being able to get a virus from your computer, in a serious way. What I'm going to talk to you about today are some hacks, some real world cyberattacks that people in my community, the academic research community, have performed, which I don't think most people know about, and I think they're very interesting and scary, and this talk is kind of a greatest hits of the academic security community's hacks. None of the work is my work. It's all work that my colleagues have done, and I actually asked them for their slides and incorporated them into this talk.
So the first one I'm going to talk about are implanted medical devices. Now medical devices have come a long way technologically. You can see in 1926 the first pacemaker was invented. 1960, the first internal pacemaker was implanted, hopefully a little smaller than that one that you see there, and the technology has continued to move forward. In 2006, we hit an important milestone from the perspective of computer security. And why do I say that? Because that's when implanted devices inside of people started to have networking capabilities. One thing that brings us close to home is we look at Dick Cheney's device, he had a device that pumped blood from an aorta to another part of the heart, and as you can see at the bottom there, it was controlled by a computer controller, and if you ever thought that software liability was very important, get one of these inside of you.
Now what a research team did was they got their hands on what's called an ICD. This is a defibrillator, and this is a device that goes into a person to control their heart rhythm, and these have saved many lives. Well, in order to not have to open up the person every time you want to reprogram their device or do some diagnostics on it, they made the thing be able to communicate wirelessly, and what this research team did is they reverse engineered the wireless protocol, and they built the device you see pictured here, with a little antenna, that could talk the protocol to the device, and thus control it. In order to make their experience real -- they were unable to find any volunteers, and so they went and they got some ground beef and some bacon and they wrapped it all up to about the size of a human being's area where the device would go, and they stuck the device inside it to perform their experiment somewhat realistically. They launched many, many successful attacks. One that I'll highlight here is changing the patient's name. I don't know why you would want to do that, but I sure wouldn't want that done to me. And they were able to change therapies, including disabling the device -- and this is with a real, commercial, off-the-shelf device -- simply by performing reverse engineering and sending wireless signals to it.
There was a piece on NPR that some of these ICDs could actually have their performance disrupted simply by holding a pair of headphones onto them.
Now, wireless and the Internet can improve health care greatly. There are several examples up on the screen of situations where doctors are looking to implant devices inside of people, and all of these devices now, it's standard that they communicate wirelessly, and I think this is great, but without a full understanding of trustworthy computing, and without understanding what attackers can do and the security risks from the beginning, there's a lot of danger in this.
Okay, let me shift gears and show you another target. I'm going to show you a few different targets like this, and that's my talk. So we'll look at automobiles.
This is a car, and it has a lot of components, a lot of electronics in it today. In fact, it's got many, many different computers inside of it, more Pentiums than my lab did when I was in college, and they're connected by a wired network. There's also a wireless network in the car, which can be reached from many different ways. So there's Bluetooth, there's the FM and XM radio, there's actually wi-fi, there are sensors in the wheels that wirelessly communicate the tire pressure to a controller on board. The modern car is a sophisticated multi-computer device.
And what happens if somebody wanted to attack this? Well, that's what the researchers that I'm going to talk about today did. They basically stuck an attacker on the wired network and on the wireless network. Now, they have two areas they can attack. One is short-range wireless, where you can actually communicate with the device from nearby, either through Bluetooth or wi-fi, and the other is long-range, where you can communicate with the car through the cellular network, or through one of the radio stations. Think about it. When a car receives a radio signal, it's processed by software. That software has to receive and decode the radio signal, and then figure out what to do with it, even if it's just music that it needs to play on the radio, and that software that does that decoding, if it has any bugs in it, could create a vulnerability for somebody to hack the car.
The way that the researchers did this work is, they read the software in the computer chips that were in the car, and then they used sophisticated reverse engineering tools to figure out what that software did, and then they found vulnerabilities in that software, and then they built exploits to exploit those. They actually carried out their attack in real life. They bought two cars, and I guess they have better budgets than I do. The first threat model was to see what someone could do if an attacker actually got access to the internal network on the car. Okay, so think of that as, someone gets to go to your car, they get to mess around with it, and then they leave, and now, what kind of trouble are you in? The other threat model is that they contact you in real time over one of the wireless networks like the cellular, or something like that, never having actually gotten physical access to your car.
This is what their setup looks like for the first model, where you get to have access to the car. They put a laptop, and they connected to the diagnostic unit on the in-car network, and they did all kinds of silly things, like here's a picture of the speedometer showing 140 miles an hour when the car's in park. Once you have control of the car's computers, you can do anything. Now you might say, "Okay, that's silly." Well, what if you make the car always say it's going 20 miles an hour slower than it's actually going? You might produce a lot of speeding tickets.
Then they went out to an abandoned airstrip with two cars, the target victim car and the chase car, and they launched a bunch of other attacks. One of the things they were able to do from the chase car is apply the brakes on the other car, simply by hacking the computer. They were able to disable the brakes. They also were able to install malware that wouldn't kick in and wouldn't trigger until the car was doing something like going over 20 miles an hour, or something like that. The results are astonishing, and when they gave this talk, even though they gave this talk at a conference to a bunch of computer security researchers, everybody was gasping. They were able to take over a bunch of critical computers inside the car: the brakes computer, the lighting computer, the engine, the dash, the radio, etc., and they were able to perform these on real commercial cars that they purchased using the radio network. They were able to compromise every single one of the pieces of software that controlled every single one of the wireless capabilities of the car. All of these were implemented successfully.
How would you steal a car in this model? Well, you compromise the car by a buffer overflow vulnerability in the software, something like that. You use the GPS in the car to locate it. You remotely unlock the doors through the computer that controls that, start the engine, bypass anti-theft, and you've got yourself a car.
Surveillance was really interesting. The authors of the study have a video where they show themselves taking over a car and then turning on the microphone in the car, and listening in on the car while tracking it via GPS on a map, and so that's something that the drivers of the car would never know was happening.
Am I scaring you yet? I've got a few more of these interesting ones. These are ones where I went to a conference, and my mind was just blown, and I said, "I have to share this with other people."
This was Fabian Monrose's lab at the University of North Carolina, and what they did was something intuitive once you see it, but kind of surprising. They videotaped people on a bus, and then they post-processed the video. What you see here in number one is a reflection in somebody's glasses of the smartphone that they're typing in. They wrote software to stabilize -- even though they were on a bus and maybe someone's holding their phone at an angle -- to stabilize the phone, process it, and you may know on your smartphone, when you type a password, the keys pop out a little bit, and they were able to use that to reconstruct what the person was typing, and had a language model for detecting typing. What was interesting is, by videotaping on a bus, they were able to produce exactly what people on their smartphones were typing, and then they had a surprising result, which is that their software had not only done it for their target, but other people who accidentally happened to be in the picture, they were able to produce what those people had been typing, and that was kind of an accidental artifact of what their software was doing.
I'll show you two more. One is P25 radios. P25 radios are used by law enforcement and all kinds of government agencies and people in combat to communicate, and there's an encryption option on these phones. This is what the phone looks like. It's not really a phone. It's more of a two-way radio. Motorola makes the most widely used one, and you can see that they're used by Secret Service, they're used in combat, it's a very, very common standard in the U.S. and elsewhere. So one question the researchers asked themselves is, could you block this thing, right? Could you run a denial-of-service, because these are first responders? So, would a terrorist organization want to black out the ability of police and fire to communicate at an emergency? They found that there's this GirlTech device used for texting that happens to operate at the same exact frequency as the P25, and they built what they called My First Jammer. (Laughter) If you look closely at this device, it's got a switch for encryption or cleartext. Let me advance the slide, and now I'll go back. You see the difference? This is plain text. This is encrypted. There's one little dot that shows up on the screen, and one little tiny turn of the switch. And so the researchers asked themselves, "I wonder how many times very secure, important, sensitive conversations are happening on these two-way radios where they forget to encrypt and they don't notice that they didn't encrypt?"
So they bought a scanner. These are perfectly legal and they run at the frequency of the P25, and what they did is they hopped around frequencies and they wrote software to listen in. If they found encrypted communication, they stayed on that channel and they wrote down, that's a channel that these people communicate in, these law enforcement agencies, and they went to 20 metropolitan areas and listened in on conversations that were happening at those frequencies. They found that in every metropolitan area, they would capture over 20 minutes a day of cleartext communication. And what kind of things were people talking about? Well, they found the names and information about confidential informants. They found information that was being recorded in wiretaps, a bunch of crimes that were being discussed, sensitive information. It was mostly law enforcement and criminal. They went and reported this to the law enforcement agencies, after anonymizing it, and the vulnerability here is simply the user interface wasn't good enough. If you're talking about something really secure and sensitive, it should be really clear to you that this conversation is encrypted. That one's pretty easy to fix.
The last one I thought was really, really cool, and I just had to show it to you, it's probably not something that you're going to lose sleep over like the cars or the defibrillators, but it's stealing keystrokes. Now, we've all looked at smartphones upside down. Every security expert wants to hack a smartphone, and we tend to look at the USB port, the GPS for tracking, the camera, the microphone, but no one up till this point had looked at the accelerometer. The accelerometer is the thing that determines the vertical orientation of the smartphone. And so they had a simple setup. They put a smartphone next to a keyboard, and they had people type, and then their goal was to use the vibrations that were created by typing to measure the change in the accelerometer reading to determine what the person had been typing. Now, when they tried this on an iPhone 3GS, this is a graph of the perturbations that were created by the typing, and you can see that it's very difficult to tell when somebody was typing or what they were typing, but the iPhone 4 greatly improved the accelerometer, and so the same measurement produced this graph. Now that gave you a lot of information while someone was typing, and what they did then is used advanced artificial intelligence techniques called machine learning to have a training phase, and so they got most likely grad students to type in a whole lot of things, and to learn, to have the system use the machine learning tools that were available to learn what it is that the people were typing and to match that up with the measurements in the accelerometer. And then there's the attack phase, where you get somebody to type something in, you don't know what it was, but you use your model that you created in the training phase to figure out what they were typing. They had pretty good success. This is an article from the USA Today. 
They typed in, "The Illinois Supreme Court has ruled that Rahm Emanuel is eligible to run for Mayor of Chicago" — see, I tied it in to the last talk — "and ordered him to stay on the ballot." Now, the system is interesting, because it produced "Illinois Supreme" and then it wasn't sure. The model produced a bunch of options, and this is the beauty of some of the A.I. techniques, is that computers are good at some things, humans are good at other things, take the best of both and let the humans solve this one. Don't waste computer cycles. A human's not going to think it's the Supreme might. It's the Supreme Court, right? And so, together we're able to reproduce typing simply by measuring the accelerometer. Why does this matter? Well, in the Android platform, for example, the developers have a manifest where every device on there, the microphone, etc., has to register if you're going to use it so that hackers can't take over it, but nobody controls the accelerometer.
So what's the point? You can leave your iPhone next to someone's keyboard, and just leave the room, and then later recover what they did, even without using the microphone. If someone is able to put malware on your iPhone, they could then maybe get the typing that you do whenever you put your iPhone next to your keyboard.
There are several other notable attacks that unfortunately I don't have time to go into, but the one that I wanted to point out was a group from the University of Michigan which was able to take voting machines, the Sequoia AVC Edge DREs that were going to be used in New Jersey in the election that were left in a hallway, and put Pac-Man on it. So they ran the Pac-Man game.
What does this all mean? Well, I think that society tends to adopt technology really quickly. I love the next coolest gadget. But it's very important, and these researchers are showing, that the developers of these things need to take security into account from the very beginning, and need to realize that they may have a threat model, but the attackers may not be nice enough to limit themselves to that threat model, and so you need to think outside of the box.
What we can do is be aware that devices can be compromised, and anything that has software in it is going to be vulnerable. It's going to have bugs. Thank you very much. (Applause)
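The ICD and the car studies described in the talk share one root cause: once the wireless protocol had been reverse engineered, any radio that spoke it could issue commands, because the device never checked who was speaking. The following is an added example (mine, not the researchers' code and not any real device protocol) that contrasts a toy implant accepting every well-formed frame with one that requires a per-frame HMAC tag under a key held only by the clinic programmer plus a strictly increasing counter against replay; the frame layout, command names, patient state and key are all constructed for illustration.

```python
"""Toy implant accepting wireless programmer frames (constructed example, not a real protocol).
Authenticated frame: 4-byte big-endian counter | b"CMD:ARG" | 16-byte HMAC-SHA256 tag."""
import hashlib
import hmac
import struct

TAG_LEN = 16


class UnauthenticatedImplant:
    """Applies any well-formed frame: knowing the format means controlling the device."""

    def __init__(self):
        self.patient_name = "A. Patient"   # constructed sample state
        self.therapy_enabled = True

    def receive(self, frame: bytes) -> bool:
        cmd, _, arg = frame.partition(b":")
        return self._apply(cmd, arg)

    def _apply(self, cmd: bytes, arg: bytes) -> bool:
        if cmd == b"SET_NAME":
            self.patient_name = arg.decode("ascii", "replace")
        elif cmd == b"THERAPY":
            self.therapy_enabled = arg == b"on"
        else:
            return False                   # unknown command, ignored
        return True


class AuthenticatedImplant(UnauthenticatedImplant):
    """Same commands, applied only if the tag verifies under the programmer key
    and the counter is strictly increasing (no forgery, no replay)."""

    def __init__(self, key: bytes):
        super().__init__()
        self._key = key
        self._last_counter = 0

    def receive(self, frame: bytes) -> bool:
        if len(frame) < 4 + TAG_LEN:
            return False                   # too short to carry counter and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                   # forged or altered: no key, no valid tag
        (counter,) = struct.unpack(">I", body[:4])
        if counter <= self._last_counter:
            return False                   # replay of a captured genuine frame
        self._last_counter = counter
        cmd, _, arg = body[4:].partition(b":")
        return self._apply(cmd, arg)


def make_frame(key: bytes, counter: int, cmd: bytes, arg: bytes) -> bytes:
    """What the legitimate clinic programmer sends."""
    body = struct.pack(">I", counter) + cmd + b":" + arg
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def demo() -> dict:
    """Constructed scenario: clinic programmer versus a third party who only knows the frame format."""
    clinic_key = bytes(range(32))          # constructed key, never sent over the air
    plain, auth = UnauthenticatedImplant(), AuthenticatedImplant(clinic_key)
    forged = b"THERAPY:off"                # third party knows the format, not the key
    results = {"plain_accepts_forged": plain.receive(forged)}
    # Same command dressed up with a counter and a guessed (all-zero) tag: rejected.
    results["auth_rejects_forged"] = not auth.receive(
        struct.pack(">I", 99) + forged + bytes(TAG_LEN))
    legit = make_frame(clinic_key, 1, b"SET_NAME", b"B. Patient")
    results["auth_accepts_legit"] = auth.receive(legit)
    results["auth_rejects_replay"] = not auth.receive(legit)   # counter 1 already seen
    return results
```

The unauthenticated device ends up with therapy disabled after a single forged frame, while the authenticated one ignores both the forgery and the replay of a genuine frame.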