Avi Rubin: All your devices can be hacked

43,672 views ・ 2015-07-15

TED


请双击下面的英文字幕来播放视频。

00:00
Translator: Joseph Geni Reviewer: Morton Bast
0
0
7000
翻译人员: Xue Chen 校对人员: Kwok Ping Lau
00:12
I'm a computer science professor,
1
12588
3031
我是一个计算机科学教授
00:15
and my area of expertise is
2
15619
2313
我的专业领域是
00:17
computer and information security.
3
17932
2199
计算机与信息安全
00:20
When I was in graduate school,
4
20131
2320
当我还在研究生院的时候
00:22
I had the opportunity to overhear my grandmother
5
22451
2601
我有次听见了我祖母
00:25
describing to one of her fellow senior citizens
6
25052
4134
向她的一位高龄同乡描述
00:29
what I did for a living.
7
29186
2369
我的工作。
00:31
Apparently, I was in charge of making sure that
8
31555
3562
没想到,她说我的工作是确保
00:35
no one stole the computers from the university. (Laughter)
9
35117
3900
学校的计算机不被小偷偷走 (笑声)
00:39
And, you know, that's a perfectly reasonable thing
10
39017
2744
但你也会觉得她这么想是完全合理的
00:41
for her to think, because I told her I was working
11
41761
1920
因为我告诉她我工作内容是
00:43
in computer security,
12
43681
1507
计算机安全,
00:45
and it was interesting to get her perspective.
13
45188
3597
但是能够得知她的观点真的很有趣。
00:48
But that's not the most ridiculous thing I've ever heard
14
48785
2617
但这并不是我所听过对我工作
00:51
anyone say about my work.
15
51402
2017
最离谱的叙述。
00:53
The most ridiculous thing I ever heard is,
16
53419
2284
我听过最谱奇的版本是,
00:55
I was at a dinner party, and a woman heard
17
55703
3134
我在一个晚宴上,然後有一位女士听说
00:58
that I work in computer security,
18
58837
1783
我是负责计算机安全的,
01:00
and she asked me if -- she said her computer had been
19
60620
3517
于是她问我如果-她的电脑
01:04
infected by a virus, and she was very concerned that she
20
64137
3436
感染了病毒,所以她十分担心自己
01:07
might get sick from it, that she could get this virus. (Laughter)
21
67573
3951
会因此而生病,会感染到这个病毒 (笑声)
01:11
And I'm not a doctor, but I reassured her
22
71524
2943
虽然我不是个医生,但我向她再三保证
01:14
that it was very, very unlikely that this would happen,
23
74467
3144
这种事不可能会发生
01:17
but if she felt more comfortable, she could be free to use
24
77611
2801
但如果她还是不放心,她或许可以考虑
01:20
latex gloves when she was on the computer,
25
80412
1848
在用电脑的时候带着橡胶手套,
01:22
and there would be no harm whatsoever in that.
26
82260
3392
而且这无论如何都是无害的。
01:25
I'm going to get back to this notion of being able to get
27
85652
2507
我一会儿会回过头来谈谈这种能够被
01:28
a virus from your computer, in a serious way.
28
88159
3508
自己电脑的病毒感染的想法,用一个更严肃的角度来谈
01:31
What I'm going to talk to you about today
29
91667
1640
今天我要讲的是
01:33
are some hacks, some real world cyberattacks that people
30
93307
4846
一些在我领域,学术研究界的人员
01:38
in my community, the academic research community,
31
98153
2554
所进行大多人所不知的
01:40
have performed, which I don't think
32
100707
2794
黑客活动
01:43
most people know about,
33
103501
1208
和一些真实世界的网络攻击,
01:44
and I think they're very interesting and scary,
34
104709
3028
我觉得它们既有意思又可怕,
01:47
and this talk is kind of a greatest hits
35
107737
2441
而这次的演说就有点像是 学术的安全共同体中的
01:50
of the academic security community's hacks.
36
110178
2991
经典黑客案例
01:53
None of the work is my work. It's all work
37
113169
1987
这些都不是我个人的工作。这全部都是
01:55
that my colleagues have done, and I actually asked them
38
115156
2174
我同事做的,而我其实还向他们要了一些
01:57
for their slides and incorporated them into this talk.
39
117330
2557
幻灯片并把它们加到我的演讲里。
01:59
So the first one I'm going to talk about
40
119887
1742
那么,我要讲的第一个案例就是
02:01
are implanted medical devices.
41
121629
2674
植入性医疗器械。
02:04
Now medical devices have come a long way technologically.
42
124303
3040
当今的医疗器械是经历了 一段很长的科技发展。
02:07
You can see in 1926 the first pacemaker was invented.
43
127343
3856
你可以看到,第一款心脏起搏器发明于1926年。
02:11
1960, the first internal pacemaker was implanted,
44
131199
3552
1960年,第一个体内心脏起搏器被植入,
02:14
hopefully a little smaller than that one that you see there,
45
134751
2552
希望是比大家在这看到的要小一些,
02:17
and the technology has continued to move forward.
46
137303
2968
之后,这方面的技术一直在不断地发展。
02:20
In 2006, we hit an important milestone from the perspective
47
140271
4633
到了2006年,我们迎来了一个重要的里程碑,
02:24
of computer security.
48
144904
3167
对于电脑安全而言。
02:28
And why do I say that?
49
148071
1341
那我为什么这么说呢?
02:29
Because that's when implanted devices inside of people
50
149412
2890
那是因为这正是植入人体的器械
02:32
started to have networking capabilities.
51
152302
2745
开始具备联网能力的时候。
02:35
One thing that brings us close to home is we look
52
155047
1880
一件带我们回主题的事就是当我们
02:36
at Dick Cheney's device, he had a device that
53
156927
2705
看到迪克·切尼的仪器,他拥有一可以
02:39
pumped blood from an aorta to another part of the heart,
54
159632
3869
将血液从一个大动脉输送到 心脏的另一个部分的仪器,
02:43
and as you can see at the bottom there,
55
163501
1183
就如你在底部所看到的,
02:44
it was controlled by a computer controller,
56
164684
3009
它是被一个电脑控制器所控制的,
02:47
and if you ever thought that software liability
57
167693
2517
如果你认为软件责任
02:50
was very important, get one of these inside of you.
58
170210
3589
非常重大的话,你可以给自己装一个这个。
02:53
Now what a research team did was they got their hands
59
173799
3695
现在有一支研究团队所做的就是得到了一个
02:57
on what's called an ICD.
60
177494
1420
被称作 ICD 的器件。 (植入型心律转复除颤器)
02:58
This is a defibrillator, and this is a device
61
178914
2070
这是一个复除颤器,而且这是个
03:00
that goes into a person to control their heart rhythm,
62
180984
4336
用在人体体内来控制他们心率的仪器,
03:05
and these have saved many lives.
63
185320
2338
而且这仪器还救过不少人的命。
03:07
Well, in order to not have to open up the person
64
187658
2472
那麽,为了不用每次给装置重新编程
03:10
every time you want to reprogram their device
65
190130
2194
或者进行某些其他的检测的时候
03:12
or do some diagnostics on it, they made the thing be able
66
192324
2455
都要剖开病人的胸腔,他们让这个装置
03:14
to communicate wirelessly, and what this research team did
67
194779
3102
可以无线通讯,而这个研究团队所做的
03:17
is they reverse engineered the wireless protocol,
68
197881
2610
就是对无线协议做逆向工程,
03:20
and they built the device you see pictured here,
69
200491
1872
并制作出你现在所看到的图中所显示的仪器,
03:22
with a little antenna, that could talk the protocol
70
202363
2760
它还有一个小天线用于与设备
03:25
to the device, and thus control it.
71
205123
4475
进行交流,从而进行操控。
03:29
In order to make their experience real -- they were unable
72
209598
2689
为了让他们的试验更真实-他们无法
03:32
to find any volunteers, and so they went
73
212287
2472
找到任何志愿者,所以他们找来
03:34
and they got some ground beef and some bacon
74
214759
2144
一些牛肉馅儿和培根肉
03:36
and they wrapped it all up to about the size
75
216903
1788
弄成一个大小和人体内
03:38
of a human being's area where the device would go,
76
218691
2798
安放这个装置差不多大小的区域,
03:41
and they stuck the device inside it
77
221489
1454
然后他们把这个装置放了进去
03:42
to perform their experiment somewhat realistically.
78
222943
3132
从而使他们的实验近乎真实。
03:46
They launched many, many successful attacks.
79
226075
3020
他们进行了很多很多成功的攻击。
03:49
One that I'll highlight here is changing the patient's name.
80
229095
3056
我特别想重点讲一下的是他们成功地修改了病人的姓名信息。
03:52
I don't know why you would want to do that,
81
232151
993
我不清楚为什么有人要这么做 ,
03:53
but I sure wouldn't want that done to me.
82
233144
2104
但是我肯定不愿意有人对我这么做。
03:55
And they were able to change therapies,
83
235248
2331
他们还能够更改治疗方案,
03:57
including disabling the device -- and this is with a real,
84
237579
2495
包括使设备失效-而这些都发生在一个真的
04:00
commercial, off-the-shelf device --
85
240074
1896
营利的、市场上能买到的心率仪上 --
04:01
simply by performing reverse engineering and sending
86
241970
2046
仅仅是通过反向破解以及向其
04:04
wireless signals to it.
87
244016
2989
发送无线指令就能实现。
04:07
There was a piece on NPR that some of these ICDs
88
247005
3580
NPR 上曾经有过一则新闻报到了 (美国国家公共广播电台)
04:10
could actually have their performance disrupted
89
250585
2422
一些ICD的运行甚至可以被
04:13
simply by holding a pair of headphones onto them.
90
253007
3651
放在其上面的一副耳机扰乱
04:16
Now, wireless and the Internet
91
256658
1409
如今,无线技术和互联网
04:18
can improve health care greatly.
92
258067
1652
能够大大改善医疗服务
04:19
There's several examples up on the screen
93
259719
2087
屏幕上显示的几个例子是一些
04:21
of situations where doctors are looking to implant devices
94
261806
3107
医生要为病人体内植入医疗装置
04:24
inside of people, and all of these devices now,
95
264913
2865
的情况,而现今所有这方面的仪器,
04:27
it's standard that they communicate wirelessly,
96
267778
3125
无线联网已经成为了标准配备,
04:30
and I think this is great,
97
270903
1412
我认为这很了不起,
04:32
but without a full understanding of trustworthy computing,
98
272315
3105
但是如果没有全面的了解和可靠的计算,
04:35
and without understanding what attackers can do
99
275420
2407
和没有认识到攻击行为所造成的影响
04:37
and the security risks from the beginning,
100
277827
2147
以及固有的安全隐患,
04:39
there's a lot of danger in this.
101
279974
2390
这就会带来很多危险。
04:42
Okay, let me shift gears and show you another target.
102
282364
1477
好的,让我换个机械向你们展示另外一个攻击对象。
04:43
I'm going to show you a few different targets like this,
103
283841
2088
我将向你们展示几个类似的攻击对象,
04:45
and that's my talk. So we'll look at automobiles.
104
285929
2917
它们是我演讲的主要部分。我们接下来看看汽车。
04:48
This is a car, and it has a lot of components,
105
288846
2896
这是一辆车,它拥有很多组成部分,
04:51
a lot of electronics in it today.
106
291742
1620
如今还拥有许多的电子零件。
04:53
In fact, it's got many, many different computers inside of it,
107
293362
4377
事实上,它里面有很多很多台不同的电脑,
04:57
more Pentiums than my lab did when I was in college,
108
297739
3155
它所拥有的奔腾处理器比我大学时期的实验室里的还多,
05:00
and they're connected by a wired network.
109
300894
3639
而且这些电脑之间是由内部线路相连。
05:04
There's also a wireless network in the car,
110
304533
3431
车内也有一个无线网络,
05:07
which can be reached from many different ways.
111
307964
3233
它可以通过不同的方式与外界相连。
05:11
So there's Bluetooth, there's the FM and XM radio,
112
311197
3701
包含了蓝牙,有FM广播和XM广播,
05:14
there's actually wi-fi, there's sensors in the wheels
113
314898
2820
甚至还有wi-fi,车轮里面有传感器
05:17
that wirelessly communicate the tire pressure
114
317718
2153
可以通过无线网络监测轮胎气压
05:19
to a controller on board.
115
319871
1806
并传输给控制板。
05:21
The modern car is a sophisticated multi-computer device.
116
321677
4918
现代汽车是非常复杂的多电脑设备
05:26
And what happens if somebody wanted to attack this?
117
326595
3322
那如果有人想攻击这台设备的话 会发生什么呢?
05:29
Well, that's what the researchers
118
329917
1317
这就是今天我演讲中的
05:31
that I'm going to talk about today did.
119
331234
1871
研究者们所做的。
05:33
They basically stuck an attacker on the wired network
120
333105
2977
他们很根本地在汽车的有线和无线网络上
05:36
and on the wireless network.
121
336082
2322
都安装了攻击装置。
05:38
Now, they have two areas they can attack.
122
338404
2699
现在,他们可以通过两种方式进行攻击。
05:41
One is short-range wireless, where you can actually
123
341103
2038
一种是短程无线网络,这样你可以直接
05:43
communicate with the device from nearby,
124
343141
1781
和附近的装置进行通信,
05:44
either through Bluetooth or wi-fi,
125
344922
2137
比如通过蓝牙或 wi-fi,
05:47
and the other is long-range, where you can communicate
126
347059
2174
另一个是远程网络,让你可以
05:49
with the car through the cellular network,
127
349233
1782
通过移动网络
05:51
or through one of the radio stations.
128
351015
1960
或者通过某个无线电电台与车进行通信。
05:52
Think about it. When a car receives a radio signal,
129
352975
3049
想想看。当一辆汽车接收到无线电信号,
05:56
it's processed by software.
130
356024
2201
软件会对这信号进行处理。
05:58
That software has to receive and decode the radio signal,
131
358225
3061
这软件必需对信号进行接收和解码
06:01
and then figure out what to do with it,
132
361286
1119
从而弄明白如何进行处理,
06:02
even if it's just music that it needs to play on the radio,
133
362405
3024
即便那只是电台音乐,
06:05
and that software that does that decoding,
134
365429
2268
而那进行解码的软件,
06:07
if it has any bugs in it, could create a vulnerability
135
367697
3093
如果存有任何漏洞,就有机会
06:10
for somebody to hack the car.
136
370790
3035
让他人入侵汽车的电脑系统中。
06:13
The way that the researchers did this work is,
137
373825
2952
研究人员试验的方法就是,
06:16
they read the software in the computer chips
138
376777
4223
他们读取了车内电脑芯片中的软件
06:21
that were in the car, and then they used sophisticated
139
381000
3193
之后他们运用复杂的
06:24
reverse engineering tools
140
384193
1414
反向破解工具
06:25
to figure out what that software did,
141
385607
2055
来弄明白了这个软件的功能,
06:27
and then they found vulnerabilities in that software,
142
387662
3041
并且找到了软休的漏洞,
06:30
and then they built exploits to exploit those.
143
390703
3346
之后他们利用这些漏洞建造后门。
06:34
They actually carried out their attack in real life.
144
394049
2382
他们真的在现实生活中试验了这些攻击。
06:36
They bought two cars, and I guess
145
396431
1350
他们买了两辆车,
06:37
they have better budgets than I do.
146
397781
2918
我猜他们的经费比我要宽裕一些。
06:40
The first threat model was to see what someone could do
147
400699
2590
第一个攻击计划是想看看一个人能在
06:43
if an attacker actually got access
148
403289
2144
攻击者得到许可进入汽车的
06:45
to the internal network on the car.
149
405433
2053
内部网络时做些什麽。
06:47
Okay, so think of that as, someone gets to go to your car,
150
407486
2603
好的,假设有一个人可以接近你的车,
06:50
they get to mess around with it, and then they leave,
151
410089
2904
在车中做了一些手脚,然后离开,
06:52
and now, what kind of trouble are you in?
152
412993
2368
那现在,你会遇到些什么麻烦呢?
06:55
The other threat model is that they contact you
153
415361
2792
另一个计划是他们通过
06:58
in real time over one of the wireless networks
154
418153
2457
无线网络进行实时交流
07:00
like the cellular, or something like that,
155
420610
2055
就像手机或是其他类似的方式,
07:02
never having actually gotten physical access to your car.
156
422665
4000
根本不需要跟你的车有任何的物理上的接触。
07:06
This is what their setup looks like for the first model,
157
426665
2824
这是他们第一个模型设置的样子,
07:09
where you get to have access to the car.
158
429489
1683
在这他们可以接触到车。
07:11
They put a laptop, and they connected to the diagnostic unit
159
431172
3387
他们放了一个笔记本电脑, 并把它连接到车内部网络的
07:14
on the in-car network, and they did all kinds of silly things,
160
434559
2939
诊断单元,他们利用这些做了各种各样好玩的把戏,
07:17
like here's a picture of the speedometer
161
437498
2783
像这张车速表的照片
07:20
showing 140 miles an hour when the car's in park.
162
440281
2816
在车静止的情况下显示每小时140英里。
07:23
Once you have control of the car's computers,
163
443097
2373
当你控制住车内电脑系统,
07:25
you can do anything.
164
445470
919
你可以做任何事。
07:26
Now you might say, "Okay, that's silly."
165
446389
1616
你也许会觉得,“这只是搞笑而已。”
07:28
Well, what if you make the car always say
166
448005
1659
那如果你让车总是显示
07:29
it's going 20 miles an hour slower than it's actually going?
167
449664
2741
比真正的速度慢了20英里每小时呢?
07:32
You might produce a lot of speeding tickets.
168
452405
2542
这样会拿到很多超速罚单。
07:34
Then they went out to an abandoned airstrip with two cars,
169
454947
3856
之后他们开了两辆车到一个废弃的简易机场,
07:38
the target victim car and the chase car,
170
458803
2745
一辆目标车,一辆追踪车,
07:41
and they launched a bunch of other attacks.
171
461548
2746
他们并进行了更多其他的攻击。
07:44
One of the things they were able to do from the chase car
172
464294
2766
其中一件可以从追踪车里做到的是
07:47
is apply the brakes on the other car,
173
467060
1974
在目标车中进行刹车,
07:49
simply by hacking the computer.
174
469034
1560
这只需要侵入目标车的电脑就可以了。
07:50
They were able to disable the brakes.
175
470594
2431
他们可以废掉刹车系统。
07:53
They also were able to install malware that wouldn't kick in
176
473025
3178
他们还可以安装一些恶意软件要在车子
07:56
and wouldn't trigger until the car was doing something like
177
476203
2425
做出特定的指令下,比方说车速在20英里每小时
07:58
going over 20 miles an hour, or something like that.
178
478628
3746
或类似的指令才会启动。
08:02
The results are astonishing, and when they gave this talk,
179
482374
2758
这个结果非常的震撼,而当他们做这个演讲时,
08:05
even though they gave this talk at a conference
180
485132
1716
即使是在一个充满
08:06
to a bunch of computer security researchers,
181
486848
1726
电脑安全研究人员的会议,
08:08
everybody was gasping.
182
488574
1700
所有人都难以之信。
08:10
They were able to take over a bunch of critical computers
183
490274
3699
他们成功的控制了车内很多
08:13
inside the car: the brakes computer, the lighting computer,
184
493973
3761
重要的电脑系统:刹车系统,照明系统,
08:17
the engine, the dash, the radio, etc.,
185
497734
2827
发动机,仪表盘,无线电台,等等,
08:20
and they were able to perform these on real commercial
186
500561
2293
而且他们可以在他们所购买的商务车中
08:22
cars that they purchased using the radio network.
187
502854
3027
利用无线网络来做这些事情。
08:25
They were able to compromise every single one of the
188
505881
3003
他们可以妥協每一个
08:28
pieces of software that controlled every single one
189
508884
2466
操控每一项
08:31
of the wireless capabilities of the car.
190
511350
3015
车内无线功能的软件。
08:34
All of these were implemented successfully.
191
514365
2513
所有的实验都成功的实施了。
08:36
How would you steal a car in this model?
192
516878
2352
你要怎样去偷这类型的车呢?
08:39
Well, you compromise the car by a buffer overflow
193
519230
3680
首先你从内部软件缓冲区溢出的
08:42
of vulnerability in the software, something like that.
194
522910
2527
漏洞开始侵入,就像这样。
08:45
You use the GPS in the car to locate it.
195
525437
2203
你再用车内置的导航器确定它的位置。
08:47
You remotely unlock the doors through the computer
196
527640
2195
再用电脑遥控打开车门,
08:49
that controls that, start the engine, bypass anti-theft,
197
529835
3138
启动发动机,绕过防盗系统,
08:52
and you've got yourself a car.
198
532973
1668
这样你就弄到了一辆车。
08:54
Surveillance was really interesting.
199
534641
2487
监控是很有意思的。
08:57
The authors of the study have a video where they show
200
537128
3209
这个研究的作者们有一个影像显示
09:00
themselves taking over a car and then turning on
201
540337
2549
他们侵入一辆车,然后打开
09:02
the microphone in the car, and listening in on the car
202
542886
2761
车内的话筒,听著车内的声音
09:05
while tracking it via GPS on a map,
203
545647
3351
并同时用导航器跟踪车的位置,
09:08
and so that's something that the drivers of the car
204
548998
1713
而这些是车的司机
09:10
would never know was happening.
205
550711
2168
绝对不会知道的。
09:12
Am I scaring you yet?
206
552879
2134
我吓到你们了吗?
09:15
I've got a few more of these interesting ones.
207
555013
1943
我还有几个很有趣的实验。
09:16
These are ones where I went to a conference,
208
556956
1833
这些是我从一个我去过的会议所知道的,
09:18
and my mind was just blown, and I said,
209
558789
1933
我当时惊呆了,我说
09:20
"I have to share this with other people."
210
560722
1826
“我得跟其他人分享这个信息。”
09:22
This was Fabian Monrose's lab
211
562548
1623
这是北卡大学 Fabian Monrose 教授的实验室,
09:24
at the University of North Carolina, and what they did was
212
564171
3456
他们做的实验
09:27
something intuitive once you see it,
213
567627
2075
是一个当你看了之后会觉得很直观,
09:29
but kind of surprising.
214
569702
1714
但也会很惊讶的实验。
09:31
They videotaped people on a bus,
215
571416
2259
他们录下了在公车上的人们,
09:33
and then they post-processed the video.
216
573675
2840
然后后期处理这些视频。
09:36
What you see here in number one is a
217
576515
2463
你在一号所看到的是
09:38
reflection in somebody's glasses of the smartphone
218
578978
4383
在输入手机的某人的眼镜中所反射
09:43
that they're typing in.
219
583361
1425
出来的智慧型手机映像。
09:44
They wrote software to stabilize --
220
584786
1975
他们编了一个软件来稳定 --
09:46
even though they were on a bus
221
586761
1365
即使他们在公车上
09:48
and maybe someone's holding their phone at an angle --
222
588126
3211
或是有人会把手机摆在一个特殊的角度 --
09:51
to stabilize the phone, process it, and
223
591337
2370
来稳定这个手机,处理它,
09:53
you may know on your smartphone, when you type
224
593707
1885
你也许知道,当你在智慧型手机上输入
09:55
a password, the keys pop out a little bit, and they were able
225
595592
2939
密码时,对应键会放大一点,因此他们可以
09:58
to use that to reconstruct what the person was typing,
226
598531
2840
利用这一点去重组那个人所输入的东西,
10:01
and had a language model for detecting typing.
227
601371
4321
还有一个语言模型去检测输入行为。
10:05
What was interesting is, by videotaping on a bus,
228
605692
2335
有意思的是,利用公车上的录像
10:08
they were able to produce exactly what people
229
608027
2129
他们可以准确无误的得到他人在
10:10
on their smartphones were typing,
230
610156
2151
手机上输入什么,
10:12
and then they had a surprising result, which is that
231
612307
2260
之后他们还发现了一个意外结果,就是
10:14
their software had not only done it for their target,
232
614567
2764
他们的软件不但会对他们的目标进行处理,
10:17
but other people who accidentally happened
233
617331
1403
也可以对那些意外入镜的
10:18
to be in the picture, they were able to produce
234
618734
2086
人进行分析出
10:20
what those people had been typing, and that was kind of
235
620820
2727
那些人都输入了什么,而这些
10:23
an accidental artifact of what their software was doing.
236
623547
3617
是这软件进行中所得到的意外收获。
10:27
I'll show you two more. One is P25 radios.
237
627164
4303
我再给你们看两个例子。一个是P25无线电。
10:31
P25 radios are used by law enforcement
238
631467
2800
P25无线电是执法部门
10:34
and all kinds of government agencies
239
634267
3407
和种种政府机构
10:37
and people in combat to communicate,
240
637674
1736
以及战场上的人们交流所使用的,
10:39
and there's an encryption option on these phones.
241
639410
2833
而这些电话里都会有加密选项。
10:42
This is what the phone looks like. It's not really a phone.
242
642243
2728
这电话就是长这个样子。这不是真正的电话。
10:44
It's more of a two-way radio.
243
644971
1206
它比较像是双向无线电。
10:46
Motorola makes the most widely used one, and you can see
244
646177
3322
摩托罗拉是这电话的最大生产商,你也会看到
10:49
that they're used by Secret Service, they're used in combat,
245
649499
2649
它们是被秘密机构以及战场上所使用,
10:52
it's a very, very common standard in the U.S. and elsewhere.
246
652148
3102
它在美国和其他地方都非常~非常的常见的标准。
10:55
So one question the researchers asked themselves is,
247
655250
2305
所以研究员们自问的一个问题就是
10:57
could you block this thing, right?
248
657555
2704
可以阻止这个东西~~~吧?
11:00
Could you run a denial-of-service,
249
660259
1583
可以执行拒绝服务吗?
11:01
because these are first responders?
250
661842
1824
因为这些都是抢险救生员。
11:03
So, would a terrorist organization want to black out the
251
663666
1801
那么,恐怖组织会想要阻断
11:05
ability of police and fire to communicate at an emergency?
252
665467
4488
警察和火警的紧急联系功能吗?
11:09
They found that there's this GirlTech device used for texting
253
669955
3072
他们发现有个叫GirlTech的信息设备
11:13
that happens to operate at the same exact frequency
254
673027
2718
所使用的频道和 P25 是一样的,
11:15
as the P25, and they built what they called
255
675745
2271
然後他们建造了一个叫
11:18
My First Jammer. (Laughter)
256
678016
4334
"我的第一干扰"。(笑声)
11:22
If you look closely at this device,
257
682350
2378
如果你仔细看这个设备,
11:24
it's got a switch for encryption or cleartext.
258
684728
3630
这里有个开关可以切换加密或是明文。
11:28
Let me advance the slide, and now I'll go back.
259
688358
3050
让我先到下一页,然後现在我再回去。
11:31
You see the difference?
260
691408
2547
你看到那差异了吗?
11:33
This is plain text. This is encrypted.
261
693955
2557
这是明文,这是加密。
11:36
There's one little dot that shows up on the screen,
262
696512
2557
屏幕上出现一个小点,
11:39
and one little tiny turn of the switch.
263
699069
2085
而开关也转了一点点。
11:41
And so the researchers asked themselves, "I wonder how
264
701154
1904
那些研究员们就自问,“我猜想
11:43
many times very secure, important, sensitive conversations
265
703058
4257
有多少非常保密的,重要的,敏感的谈话
11:47
are happening on these two-way radios where they forget
266
707315
1623
是在这些他们忘记加密
11:48
to encrypt and they don't notice that they didn't encrypt?"
267
708938
2910
而且没有注意到这回事的双向无线电的情况下进行呢?
11:51
So they bought a scanner. These are perfectly legal
268
711848
3339
他们买了一个扫描仪。这些都是完全合法的
11:55
and they run at the frequency of the P25,
269
715187
3458
他们并在P25的频率下运行这扫描仪,
11:58
and what they did is they hopped around frequencies
270
718645
1767
之後他们在这个频率周围不停地转动
12:00
and they wrote software to listen in.
271
720412
2510
然後用他们所写的软件来监听。
12:02
If they found encrypted communication, they stayed
272
722922
2634
如果他们找到了加密的对话,他们就停留
12:05
on that channel and they wrote down, that's a channel
273
725556
1686
在那个频道,然后写下这是
12:07
that these people communicate in,
274
727242
1788
那些人交流的频道,
12:09
these law enforcement agencies,
275
729030
1622
那些执法机构,
12:10
and they went to 20 metropolitan areas and listened in
276
730652
3391
他们去了20个大都市区监听
12:14
on conversations that were happening at those frequencies.
277
734043
3475
这些频道上的所进行的对话。
12:17
They found that in every metropolitan area,
278
737518
3239
他们发现在每一个大都会区
12:20
they would capture over 20 minutes a day
279
740757
2154
他们每天都能捕捉到至少20分钟的
12:22
of cleartext communication.
280
742911
2375
明文交流。
12:25
And what kind of things were people talking about?
281
745286
2000
那他们都交流些什么呢?
12:27
Well, they found the names and information
282
747286
1484
他们得到了秘密举报人的
12:28
about confidential informants. They found information
283
748770
2852
名字和信息。他们得到了
12:31
that was being recorded in wiretaps,
284
751622
2202
正在被窃听的信息,
12:33
a bunch of crimes that were being discussed,
285
753824
2710
一堆正在被讨论的犯罪案件,
12:36
sensitive information.
286
756534
1162
敏感的消息。
12:37
It was mostly law enforcement and criminal.
287
757696
3363
大多数都是执法和犯罪类的。
12:41
They went and reported this to the law enforcement
288
761059
1834
他们向执法机构说明了这件事,
12:42
agencies, after anonymizing it,
289
762893
2023
当然是在匿名之后,
12:44
and the vulnerability here is simply the user interface
290
764916
3000
而当中的漏洞很纯粹的只是用户界面
12:47
wasn't good enough. If you're talking
291
767916
1394
不够好。如果你是在讨论
12:49
about something really secure and sensitive, it should
292
769310
2816
一些非常保密或者敏感话题,你应该
12:52
be really clear to you that this conversation is encrypted.
293
772126
3293
清楚的知道这个谈话是被加密的。
12:55
That one's pretty easy to fix.
294
775419
1886
这个很容易修正。
12:57
The last one I thought was really, really cool,
295
777305
1669
最后一例子我认为是非常,非常的牛,
12:58
and I just had to show it to you, it's probably not something
296
778974
2813
所以我必须得给你们看这个,这可能不是一些
13:01
that you're going to lose sleep over
297
781787
1005
会使你们失眠的东西,
13:02
like the cars or the defibrillators,
298
782792
1791
像是汽车实验和心脏去颤器那样,
13:04
but it's stealing keystrokes.
299
784583
3023
但这个是窃取击键。
13:07
Now, we've all looked at smartphones upside down.
300
787606
2747
至今,我们都彻底的观察过智慧型手机。
13:10
Every security expert wants to hack a smartphone,
301
790353
2190
每个安全专家都想要侵入这样的手机系统,
13:12
and we tend to look at the USB port, the GPS for tracking,
302
792543
4612
而我们一般都会去看USB插头,跟踪GPS,
13:17
the camera, the microphone, but no one up till this point
303
797155
3208
相机,话筒,但目前为止没有人
13:20
had looked at the accelerometer.
304
800363
1580
看过加速规。
13:21
The accelerometer is the thing that determines
305
801943
1647
加速规是那个决定
13:23
the vertical orientation of the smartphone.
306
803590
3494
手机垂直方向的东西。
13:27
And so they had a simple setup.
307
807084
1417
因此他们有个很简单的设置。
13:28
They put a smartphone next to a keyboard,
308
808501
2758
他们把手机放在键盘旁边,
13:31
and they had people type, and then their goal was
309
811259
2712
然後他们让人们去打字, 而他们的目标是
13:33
to use the vibrations that were created by typing
310
813971
2856
利用打字而产生的震动
13:36
to measure the change in the accelerometer reading
311
816827
4240
去测量加速规的数据的变化
13:41
to determine what the person had been typing.
312
821067
3176
由此来判断这个人输入的是什么。
13:44
Now, when they tried this on an iPhone 3GS,
313
824243
2576
那么当他们在用iPhone 3GS做这实验时,
13:46
this is a graph of the perturbations that were created
314
826819
2769
这是他们从打字所得到的
13:49
by the typing, and you can see that it's very difficult
315
829588
3241
扰动图,而你可以了解到这是很难
13:52
to tell when somebody was typing or what they were typing,
316
832829
3078
判断什么时候有人在打字 或者他们打过了什么字,
13:55
but the iPhone 4 greatly improved the accelerometer,
317
835907
3090
但是iPhone 4在加速规上有很大的提高,
13:58
and so the same measurement
318
838997
3480
因此同样的测量
14:02
produced this graph.
319
842477
1832
所得到的图是这样的。
14:04
Now that gave you a lot of information while someone
320
844309
2486
这么现在有人在打字时 就会给出更多的信息了,
14:06
was typing, and what they did then is used advanced
321
846795
3241
那他们接下来用了一个先进的
14:10
artificial intelligence techniques called machine learning
322
850036
3007
人工智能技术,称作"机器学习"
14:13
to have a training phase,
323
853043
1431
来进行一个培训阶段,
14:14
and so they got most likely grad students
324
854474
2236
然后他们极有可能是找了一些研究生
14:16
to type in a whole lot of things, and to learn,
325
856710
3789
去输入一大堆的东西,然后去学习,
14:20
to have the system use the machine learning tools that
326
860499
2768
让这个系统利用已有的机器学习工具去
14:23
were available to learn what it is that the people were typing
327
863267
2863
了解这些人输入的是什么
14:26
and to match that up
328
866130
2827
并结合了
14:28
with the measurements in the accelerometer.
329
868957
2477
加速规所测量的数据。
14:31
And then there's the attack phase, where you get
330
871434
1635
接下来就是攻击阶段了,你找
14:33
somebody to type something in, you don't know what it was,
331
873069
2811
一些人来输入一些东西, 但是你不知道输入的是什麽
14:35
but you use your model that you created
332
875880
1297
但你利用之前在培训中
14:37
in the training phase to figure out what they were typing.
333
877177
3442
所编写的模式来得出输入的内容。
14:40
They had pretty good success. This is an article from the USA Today.
334
880619
3484
他们有很好的成功几率。 这是一篇出至《今日美国》的文章。
14:44
They typed in, "The Illinois Supreme Court has ruled
335
884103
2609
他们输入了“伊利诺伊州最高法院裁定
14:46
that Rahm Emanuel is eligible to run for Mayor of Chicago"
336
886712
2962
伊曼纽尔拥有参加芝加哥市长竞选的资格”
14:49
— see, I tied it in to the last talk —
337
889674
1354
-看,我结合了上一个演讲-
14:51
"and ordered him to stay on the ballot."
338
891028
2118
“并且命令他必需留在选票上”。
14:53
Now, the system is interesting, because it produced
339
893146
2771
这个系统很有趣,因为它分析出了
14:55
"Illinois Supreme" and then it wasn't sure.
340
895917
2886
“伊利诺伊州最高” 而之后的它就不确定了。
14:58
The model produced a bunch of options,
341
898803
1950
这个模式给了一堆的选择,
15:00
and this is the beauty of some of the A.I. techniques,
342
900753
2709
这也就是人工智能技术厉害的地方,
15:03
is that computers are good at some things,
343
903462
2250
也就是电脑在某方面很在行,
15:05
humans are good at other things,
344
905712
1534
而人类则是在别的方面很强,
15:07
take the best of both and let the humans solve this one.
345
907246
1931
结合双方的优势, 并让人类去解决这一个问题。
15:09
Don't waste computer cycles.
346
909177
1382
不去浪费电脑的周期。
15:10
A human's not going to think it's the Supreme might.
347
910559
2136
一个人是不会认为那会是 "最高可能" 。
15:12
It's the Supreme Court, right?
348
912695
1740
当然是"最高法院",对吧?
15:14
And so, together we're able to reproduce typing
349
914435
2530
也因此,人们和机器一起 可以只测量加速规的
15:16
simply by measuring the accelerometer.
350
916965
2949
数据来得出打出来的内容。
15:19
Why does this matter? Well, in the Android platform,
351
919914
3502
这有什么重要的呢?好吧,用安卓平台来
15:23
for example, the developers have a manifest
352
923416
4133
举个例子,开发者们有一个清单,
15:27
where every device on there, the microphone, etc.,
353
927564
2584
当中的每一个设备,像是麦克风等等,
15:30
has to register if you're going to use it
354
930148
1956
都需要注册,如果有你要用它
15:32
so that hackers can't take over it,
355
932104
2316
好让黑客无法侵入它的话,
15:34
but nobody controls the accelerometer.
356
934420
3108
但是没人控制加速规。
15:37
So what's the point? You can leave your iPhone next to
357
937528
2216
那重点在那呢? 你可以把你的iPhone放在
15:39
someone's keyboard, and just leave the room,
358
939744
2106
某人的键盘旁边,然后就离开房间,
15:41
and then later recover what they did,
359
941850
1639
之后再回来复原他们所做过的事,
15:43
even without using the microphone.
360
943489
1711
就连麦克风都不需要。
15:45
If someone is able to put malware on your iPhone,
361
945200
2174
如果有人能够把入侵软件装入你的iPhone,
15:47
they could then maybe get the typing that you do
362
947374
2848
他们也就可能得到你所输入的内容,
15:50
whenever you put your iPhone next to your keyboard.
363
950222
2321
每当你把你的iPhone放在你的键盘旁边。
15:52
There's several other notable attacks that unfortunately
364
952543
2271
另外还有几个值得注意的攻击,但我很不幸的
15:54
I don't have time to go into, but the one that I wanted
365
954814
2131
没有时间去说,但有一个我想点出
15:56
to point out was a group from the University of Michigan
366
956945
2277
的是在密西根大学的一组人员,
15:59
which was able to take voting machines,
367
959222
2441
他们成功的侵入了投票机,
16:01
the Sequoia AVC Edge DREs that
368
961663
2498
这是 Sequoia AVC Edge DRE (美国最大的电子投票机制造商之一)
16:04
were going to be used in New Jersey in the election
369
964161
1555
准备在新泽西州选举中用,
16:05
that were left in a hallway, and put Pac-Man on it.
370
965716
2161
它被留在了一个走廊里, 他们在里面安装了吃豆人游戏。
16:07
So they ran the Pac-Man game.
371
967877
3623
他们安装了吃豆人游戏,所以呢?
16:11
What does this all mean?
372
971500
1747
这些都有什么意义呢?
16:13
Well, I think that society tends to adopt technology
373
973247
3647
我觉得我们的社会往往很快的采用新技术
16:16
really quickly. I love the next coolest gadget.
374
976894
2824
我非常喜欢下一个最炫的小玩意儿。
16:19
But it's very important, and these researchers are showing,
375
979718
2614
但是更重要的是,这些研究人员所显示的,
16:22
that the developers of these things
376
982332
1360
这些东西的开发者
16:23
need to take security into account from the very beginning,
377
983692
2865
需要从一开始就把安全考虑在内,
16:26
and need to realize that they may have a threat model,
378
986557
2785
也需要意识到它们可能会有的威胁模型,
16:29
but the attackers may not be nice enough
379
989342
2462
但是那些攻击者也许不会好心到
16:31
to limit themselves to that threat model,
380
991804
1777
只把他们局限于这些威胁模型中,
16:33
and so you need to think outside of the box.
381
993581
2537
所以你需要跳脱传统思维。
16:36
What we can do is be aware
382
996118
1578
我们所能做得就是要意识到
16:37
that devices can be compromised,
383
997696
2479
设备是可以被妥协的,
16:40
and anything that has software in it
384
1000175
1699
而任何有软件的东西
16:41
is going to be vulnerable. It's going to have bugs.
385
1001874
2649
都是会有弱点的。它们是会有错误的。
16:44
Thank you very much. (Applause)
386
1004523
3497
非常感谢。(掌声)
关于本网站

这个网站将向你介绍对学习英语有用的YouTube视频。你将看到来自世界各地的一流教师教授的英语课程。双击每个视频页面上显示的英文字幕,即可从那里播放视频。字幕会随着视频的播放而同步滚动。如果你有任何意见或要求,请使用此联系表与我们联系。

https://forms.gle/WvT1wiN1qDtmnspy7