Avi Rubin: All your devices can be hacked

43,872 views ・ 2015-07-15

TED


請雙擊下方英文字幕播放視頻。

00:00
Translator: Joseph Geni Reviewer: Morton Bast
0
0
7000
譯者: Tom Tao 審譯者: 文进 肖
00:12
I'm a computer science professor,
1
12588
3031
我是一名計算機科學教授,
00:15
and my area of expertise is
2
15619
2313
我的專業領域是
00:17
computer and information security.
3
17932
2199
計算機與資訊安全。
00:20
When I was in graduate school,
4
20131
2320
我在研究所的時候,
00:22
I had the opportunity to overhear my grandmother
5
22451
2601
有一次碰巧聽到我的祖母
00:25
describing to one of her fellow senior citizens
6
25052
4134
跟她一位年長的朋友
00:29
what I did for a living.
7
29186
2369
聊到我的工作。
00:31
Apparently, I was in charge of making sure that
8
31555
3562
我的工作顯然是在確保
00:35
no one stole the computers from the university. (Laughter)
9
35117
3900
大學裡面的電腦不會被人偷走。(笑聲)
00:39
And, you know, that's a perfectly reasonable thing
10
39017
2744
她會這麼想也不讓人意外,
00:41
for her to think, because I told her I was working
11
41761
1920
因為我告訴她
00:43
in computer security,
12
43681
1507
我的工作是關於計算機安全,
00:45
and it was interesting to get her perspective.
13
45188
3597
她的聯想力真的很有意思。
00:48
But that's not the most ridiculous thing I've ever heard
14
48785
2617
但是,這還不是別人對我的工作的解釋
00:51
anyone say about my work.
15
51402
2017
最好笑的一個。
00:53
The most ridiculous thing I ever heard is,
16
53419
2284
我聽過最好笑的一次是,
00:55
I was at a dinner party, and a woman heard
17
55703
3134
在一次晚宴上,
00:58
that I work in computer security,
18
58837
1783
一位女士聽到我是從事計算機安全的,
01:00
and she asked me if -- she said her computer had been
19
60620
3517
於是她向我諮詢,她說她的電腦中毒了,
01:04
infected by a virus, and she was very concerned that she
20
64137
3436
她非常擔心她可能會生病,
01:07
might get sick from it, that she could get this virus. (Laughter)
21
67573
3951
因為她可能會感染同樣的病毒。(笑聲)
01:11
And I'm not a doctor, but I reassured her
22
71524
2943
我不是醫生,但是我向她保證
01:14
that it was very, very unlikely that this would happen,
23
74467
3144
這個可能性微乎其微,
01:17
but if she felt more comfortable, she could be free to use
24
77611
2801
但是如果她還是不放心,
01:20
latex gloves when she was on the computer,
25
80412
1848
可以在使用電腦的時候戴上橡膠手套,
01:22
and there would be no harm whatsoever in that.
26
82260
3392
這樣就肯定萬無一失了。
01:25
I'm going to get back to this notion of being able to get
27
85652
2507
言歸正傳,接下來我要認真地
01:28
a virus from your computer, in a serious way.
28
88159
3508
談談如何避免電腦病毒。
01:31
What I'm going to talk to you about today
29
91667
1640
我今天要跟你們聊的是有關
01:33
are some hacks, some real world cyberattacks that people
30
93307
4846
在我所從事的研究領域中
01:38
in my community, the academic research community,
31
98153
2554
發生的一些駭客及網路攻擊問題,
01:40
have performed, which I don't think
32
100707
2794
我相信這些是
01:43
most people know about,
33
103501
1208
大部分人都不了解的,
01:44
and I think they're very interesting and scary,
34
104709
3028
並且我認為這些是既有意思又讓人害怕的,
01:47
and this talk is kind of a greatest hits
35
107737
2441
而這次談話的內容
01:50
of the academic security community's hacks.
36
110178
2991
就是關於安全領域的經典案例。
01:53
None of the work is my work. It's all work
37
113169
1987
這些事情不是發生在我身上。
01:55
that my colleagues have done, and I actually asked them
38
115156
2174
這些都是我同事做的研究,而我請他們
01:57
for their slides and incorporated them into this talk.
39
117330
2557
提供一些資料加到這次談話中。
01:59
So the first one I'm going to talk about
40
119887
1742
接下來首先我要講的是
02:01
are implanted medical devices.
41
121629
2674
體內植入醫療設備。
02:04
Now medical devices have come a long way technologically.
42
124303
3040
現在的醫療設備已經在技術方面發展了很多年。
02:07
You can see in 1926 the first pacemaker was invented.
43
127343
3856
大家從螢幕上可以看到 在1926年,第一個外置心臟起搏器被發明。
02:11
1960, the first internal pacemaker was implanted,
44
131199
3552
1960年第一個內置起搏器被植入人體,
02:14
hopefully a little smaller than that one that you see there,
45
134751
2552
如大家所願這個東西體積減少了很多,
02:17
and the technology has continued to move forward.
46
137303
2968
並且技術還在不斷的進步。
02:20
In 2006, we hit an important milestone from the perspective
47
140271
4633
到2006年,從電腦安全角度來說
02:24
of computer security.
48
144904
3167
我們達到了一個重要的里程碑
02:28
And why do I say that?
49
148071
1341
為什麼為這麼說?
02:29
Because that's when implanted devices inside of people
50
149412
2890
因為這時候人體內置的設備
02:32
started to have networking capabilities.
51
152302
2745
開始具備聯網功能。
02:35
One thing that brings us close to home is we look
52
155047
1880
Dick Cheney的設備可以讓我們更好的理解這一點,
02:36
at Dick Cheney's device, he had a device that
53
156927
2705
Dick Cheney的設備可以讓我們更好的理解這一點,
02:39
pumped blood from an aorta to another part of the heart,
54
159632
3869
這個設備負責將血液從一個大動脈 輸送到心臟的另一個腔體,
02:43
and as you can see at the bottom there,
55
163501
1183
就像你看到的,圖中的底部,
02:44
it was controlled by a computer controller,
56
164684
3009
一個電腦控制器控制著整個設備,
02:47
and if you ever thought that software liability
57
167693
2517
如果你認爲這個軟體控制很重要
02:50
was very important, get one of these inside of you.
58
170210
3589
你可以自己裝一個。
02:53
Now what a research team did was they got their hands
59
173799
3695
現在一個研究小組手頭上的工作
02:57
on what's called an ICD.
60
177494
1420
是研究一個稱為ICD的設備。 (ICD,植入式心臟去顫器)
02:58
This is a defibrillator, and this is a device
61
178914
2070
這是一個心律去顫器,植入人體後
03:00
that goes into a person to control their heart rhythm,
62
180984
4336
控制自己的心臟節律,
03:05
and these have saved many lives.
63
185320
2338
已經挽救了許多人的生命。
03:07
Well, in order to not have to open up the person
64
187658
2472
為了不對人進行重新手術
03:10
every time you want to reprogram their device
65
190130
2194
就可以每次重新設定他們的設備,
03:12
or do some diagnostics on it, they made the thing be able
66
192324
2455
或者做一些診斷,這個設備能夠進行無線通訊,
03:14
to communicate wirelessly, and what this research team did
67
194779
3102
而這個研究小組所做的是
03:17
is they reverse engineered the wireless protocol,
68
197881
2610
他們逆向工程無線協定,
03:20
and they built the device you see pictured here,
69
200491
1872
做了個小設備,你在這裏看得到,
03:22
with a little antenna, that could talk the protocol
70
202363
2760
帶一個小的天線,會使用協定和ICD通信,
03:25
to the device, and thus control it.
71
205123
4475
從而控制它。
03:29
In order to make their experience real -- they were unable
72
209598
2689
為了使他們的實驗更真實
03:32
to find any volunteers, and so they went
73
212287
2472
-由於他們無法找到任何的志願者-於是他們找到了一些
03:34
and they got some ground beef and some bacon
74
214759
2144
碎牛肉和一些臘肉,
03:36
and they wrapped it all up to about the size
75
216903
1788
包成該設備將去的人體部位的大小,
03:38
of a human being's area where the device would go,
76
218691
2798
包成該設備將去的人體部位的大小,
03:41
and they stuck the device inside it
77
221489
1454
然後把設備塞進去來做實驗,
03:42
to perform their experiment somewhat realistically.
78
222943
3132
為了使實驗更加接近真實情況。
03:46
They launched many, many successful attacks.
79
226075
3020
他們完成了許多許多次成功的攻擊。
03:49
One that I'll highlight here is changing the patient's name.
80
229095
3056
在這裏我還是要強調的是改變病人的名字。
03:52
I don't know why you would want to do that,
81
232151
993
我不知道你為什麼會想這樣做,
03:53
but I sure wouldn't want that done to me.
82
233144
2104
但我肯定不會想,這樣的事發生在我身上。
03:55
And they were able to change therapies,
83
235248
2331
他們能夠改變的治療方法,
03:57
including disabling the device -- and this is with a real,
84
237579
2495
包括停用此設備 --這是一個真正的,
04:00
commercial, off-the-shelf device --
85
240074
1896
商業的,現成的設備
04:01
simply by performing reverse engineering and sending
86
241970
2046
只需通過執行逆向工程和發送
04:04
wireless signals to it.
87
244016
2989
無線信號就能控制它。可怕吧?
04:07
There was a piece on NPR that some of these ICDs
88
247005
3580
NPR上有個片段講的是有些ICD
04:10
could actually have their performance disrupted
89
250585
2422
的功能竟然會被干擾,
04:13
simply by holding a pair of headphones onto them.
90
253007
3651
只要簡單地把一對耳機放到它上面就發生了。
04:16
Now, wireless and the Internet
91
256658
1409
現在,無線和網路可以
04:18
can improve health care greatly.
92
258067
1652
大大提高醫療水準。
04:19
There's several examples up on the screen
93
259719
2087
在螢幕上有幾個例子,
04:21
of situations where doctors are looking to implant devices
94
261806
3107
醫生正在植入設備到人體,
04:24
inside of people, and all of these devices now,
95
264913
2865
而其所有的這些設備現在
04:27
it's standard that they communicate wirelessly,
96
267778
3125
標準化了,之間可以互相進行無線通訊,
04:30
and I think this is great,
97
270903
1412
我認為這是很好的,
04:32
but without a full understanding of trustworthy computing,
98
272315
3105
但沒有一個對可信任計算的完全理解,
04:35
and without understanding what attackers can do
99
275420
2407
沒有意識到攻擊者可以做什麼
04:37
and the security risks from the beginning,
100
277827
2147
和安全風險從一開始就存在的話,
04:39
there's a lot of danger in this.
101
279974
2390
這就有很多危險了。
04:42
Okay, let me shift gears and show you another target.
102
282364
1477
好吧,讓我換個話題,告訴你另一個目標
04:43
I'm going to show you a few different targets like this,
103
283841
2088
接下來我要告訴你幾個不同的目標,
04:45
and that's my talk. So we'll look at automobiles.
104
285929
2917
這就是我的談話。所以,我們來看看汽車吧。
04:48
This is a car, and it has a lot of components,
105
288846
2896
這是一輛汽車,現在它有很多零部件,
04:51
a lot of electronics in it today.
106
291742
1620
很多的電子產品。
04:53
In fact, it's got many, many different computers inside of it,
107
293362
4377
事實上,它有很多,很多不同的電腦在裏面,
04:57
more Pentiums than my lab did when I was in college,
108
297739
3155
比我當年在大學的實驗室更多的處理器,
05:00
and they're connected by a wired network.
109
300894
3639
他們通過有線網路連接。
05:04
There's also a wireless network in the car,
110
304533
3431
而且在車上還有一個無線網路,
05:07
which can be reached from many different ways.
111
307964
3233
它可以從許多不同的方式接入。
05:11
So there's Bluetooth, there's the FM and XM radio,
112
311197
3701
有藍牙, FM和XM廣播,
05:14
there's actually wi-fi, there's sensors in the wheels
113
314898
2820
有的竟然還有Wi-Fi ,輪胎上的感測器
05:17
that wirelessly communicate the tire pressure
114
317718
2153
通過無線通信將氣壓值傳送給
05:19
to a controller on board.
115
319871
1806
主板上的控制器。
05:21
The modern car is a sophisticated multi-computer device.
116
321677
4918
當今的汽車是一個複雜的多電腦設備。
05:26
And what happens if somebody wanted to attack this?
117
326595
3322
那麼如果有人想攻擊它會發生什麼呢?
05:29
Well, that's what the researchers
118
329917
1317
嗯,這就是我今天要談的
05:31
that I'm going to talk about today did.
119
331234
1871
研究人員已經實現了什麼。
05:33
They basically stuck an attacker on the wired network
120
333105
2977
他們在有線網路和無線網路上放置了
05:36
and on the wireless network.
121
336082
2322
攻擊設備。
05:38
Now, they have two areas they can attack.
122
338404
2699
現在,他們有兩個區域可以攻擊。
05:41
One is short-range wireless, where you can actually
123
341103
2038
一個是短距離無線通訊,
05:43
communicate with the device from nearby,
124
343141
1781
在這裏你可以與附近的設備進行通信,
05:44
either through Bluetooth or wi-fi,
125
344922
2137
通過藍牙或Wi-Fi。
05:47
and the other is long-range, where you can communicate
126
347059
2174
另一種是遠距離無線通訊,
05:49
with the car through the cellular network,
127
349233
1782
通過蜂窩網路
05:51
or through one of the radio stations.
128
351015
1960
或通過一個廣播電臺。
05:52
Think about it. When a car receives a radio signal,
129
352975
3049
想像一下,當一輛車接收無線電信號時,
05:56
it's processed by software.
130
356024
2201
信號交給軟體處理。
05:58
That software has to receive and decode the radio signal,
131
358225
3061
該軟體接收和解碼無線電信號,
06:01
and then figure out what to do with it,
132
361286
1119
然後確定如何處理,
06:02
even if it's just music that it needs to play on the radio,
133
362405
3024
即使它只是音樂信號,也要交給收音機去播放,
06:05
and that software that does that decoding,
134
365429
2268
如果這個解碼軟體有
06:07
if it has any bugs in it, could create a vulnerability
135
367697
3093
任何的漏洞,那麼就成為有人破解車的
06:10
for somebody to hack the car.
136
370790
3035
攻擊點。
06:13
The way that the researchers did this work is,
137
373825
2952
研究人員做這項工作的方式是
06:16
they read the software in the computer chips
138
376777
4223
他們從車載電腦中讀出軟體,
06:21
that were in the car, and then they used sophisticated
139
381000
3193
然後他們用先進
06:24
reverse engineering tools
140
384193
1414
的逆向工程工具
06:25
to figure out what that software did,
141
385607
2055
弄清楚軟體做了什麼,
06:27
and then they found vulnerabilities in that software,
142
387662
3041
然後他們發現該軟體中的漏洞,
06:30
and then they built exploits to exploit those.
143
390703
3346
然後他們利用這些漏洞建立了一些開拓工具。
06:34
They actually carried out their attack in real life.
144
394049
2382
他們在實際環境下進行他們的攻擊實驗。
06:36
They bought two cars, and I guess
145
396431
1350
他們買了兩輛車,我想
06:37
they have better budgets than I do.
146
397781
2918
他們有比我更好的預算。
06:40
The first threat model was to see what someone could do
147
400699
2590
第一個威脅模型是看
06:43
if an attacker actually got access
148
403289
2144
如果一個攻擊者獲得到
06:45
to the internal network on the car.
149
405433
2053
內部網路的連接,他可以做什麼
06:47
Okay, so think of that as, someone gets to go to your car,
150
407486
2603
嗯,大家這樣想一下,有人進到你的車裏,
06:50
they get to mess around with it, and then they leave,
151
410089
2904
把裏面的設備搞得一團糟,然後他們離開,
06:52
and now, what kind of trouble are you in?
152
412993
2368
而現在,你陷入了什麼樣的麻煩?
06:55
The other threat model is that they contact you
153
415361
2792
另一個威脅模型是,
06:58
in real time over one of the wireless networks
154
418153
2457
他們通過無線網路,
07:00
like the cellular, or something like that,
155
420610
2055
如蜂窩電話,或類似的東西,即時地與您和車搭上線,
07:02
never having actually gotten physical access to your car.
156
422665
4000
但從來沒有通過物理方式接觸你的車。
07:06
This is what their setup looks like for the first model,
157
426665
2824
這就是看起來像第一種模式的設備,
07:09
where you get to have access to the car.
158
429489
1683
需要進入車內。
07:11
They put a laptop, and they connected to the diagnostic unit
159
431172
3387
他們放置一台筆記本電腦, 並連接車內網路的診斷模組,
07:14
on the in-car network, and they did all kinds of silly things,
160
434559
2939
然後他們做了各種愚蠢的事情,
07:17
like here's a picture of the speedometer
161
437498
2783
就像這張圖片,車速里程表
07:20
showing 140 miles an hour when the car's in park.
162
440281
2816
顯示140公里的時速,但是汽車實際上是在駐車狀態。
07:23
Once you have control of the car's computers,
163
443097
2373
一旦你擁有汽車電腦的控制,
07:25
you can do anything.
164
445470
919
你可以做任何事情。
07:26
Now you might say, "Okay, that's silly."
165
446389
1616
現在,你可能會說: “噢,這太愚蠢了。”
07:28
Well, what if you make the car always say
166
448005
1659
那麼,如果您的車總顯示20英里的時速,
07:29
it's going 20 miles an hour slower than it's actually going?
167
449664
2741
比它實際的速度低,這會怎麼樣?
07:32
You might produce a lot of speeding tickets.
168
452405
2542
您可能會產生大量超速行駛的罰單。
07:34
Then they went out to an abandoned airstrip with two cars,
169
454947
3856
然後,他們帶了兩輛車去了一個廢棄的飛機跑道,
07:38
the target victim car and the chase car,
170
458803
2745
目標受害車和主動攻擊車,
07:41
and they launched a bunch of other attacks.
171
461548
2746
然後他們實施了一堆其他的攻擊。
07:44
One of the things they were able to do from the chase car
172
464294
2766
從攻擊車裏他們能夠做到的事情之一
07:47
is apply the brakes on the other car,
173
467060
1974
是操作另一輛汽車的刹車,
07:49
simply by hacking the computer.
174
469034
1560
只需通過入侵該車的電腦。
07:50
They were able to disable the brakes.
175
470594
2431
他們可以禁用制動器。
07:53
They also were able to install malware that wouldn't kick in
176
473025
3178
他們還能夠安裝惡意軟體,
07:56
and wouldn't trigger until the car was doing something like
177
476203
2425
通常情況下這個軟體不會被觸發,直至如車輛
07:58
going over 20 miles an hour, or something like that.
178
478628
3746
時速超過每小時20英里,或類似的情況。
08:02
The results are astonishing, and when they gave this talk,
179
482374
2758
結果是驚人的,而當他們進行公開講座時,
08:05
even though they gave this talk at a conference
180
485132
1716
即使他們的講座的觀眾是
08:06
to a bunch of computer security researchers,
181
486848
1726
一堆的電腦安全研究人員,
08:08
everybody was gasping.
182
488574
1700
每個人都倒抽一口涼氣。
08:10
They were able to take over a bunch of critical computers
183
490274
3699
他們能夠接管車內一堆的關鍵電腦:
08:13
inside the car: the brakes computer, the lighting computer,
184
493973
3761
如刹車電腦,照明電腦,
08:17
the engine, the dash, the radio, etc.,
185
497734
2827
發動機電腦,儀錶電腦,無線電電腦等,
08:20
and they were able to perform these on real commercial
186
500561
2293
他們是能夠執行這些惡意程式 在他們購買的市場上
08:22
cars that they purchased using the radio network.
187
502854
3027
已有的商用汽車上,通過使用無線網路。
08:25
They were able to compromise every single one of the
188
505881
3003
他們能夠攻擊車上每一個
08:28
pieces of software that controlled every single one
189
508884
2466
帶有無線功能的模組軟體
08:31
of the wireless capabilities of the car.
190
511350
3015
的任何一部分。
08:34
All of these were implemented successfully.
191
514365
2513
所有這些都已成功實施。
08:36
How would you steal a car in this model?
192
516878
2352
在這個模型中,你會如何偷一輛車?
08:39
Well, you compromise the car by a buffer overflow
193
519230
3680
好了,你可以通過車載軟體的緩衝區溢出漏洞
08:42
of vulnerability in the software, something like that.
194
522910
2527
來攻擊,或者類似的東西。
08:45
You use the GPS in the car to locate it.
195
525437
2203
您使用車裏的GPS來定位它。
08:47
You remotely unlock the doors through the computer
196
527640
2195
您通過電腦控制遠端解鎖,
08:49
that controls that, start the engine, bypass anti-theft,
197
529835
3138
啟動引擎,繞過防盜系統,
08:52
and you've got yourself a car.
198
532973
1668
然後你就為自己搞到一輛車。
08:54
Surveillance was really interesting.
199
534641
2487
監控這個過程是非常有趣的。
08:57
The authors of the study have a video where they show
200
537128
3209
這項研究的作者有一個視頻在那裏展示
09:00
themselves taking over a car and then turning on
201
540337
2549
他們自己入侵了汽車,
09:02
the microphone in the car, and listening in on the car
202
542886
2761
然後打開車裏的麥克風,並進行監聽,
09:05
while tracking it via GPS on a map,
203
545647
3351
同時通過GPS在地圖上跟蹤它
09:08
and so that's something that the drivers of the car
204
548998
1713
還做了一些類似的事情,但汽車裏的駕駛員
09:10
would never know was happening.
205
550711
2168
永遠也不會知道發生了什麼。
09:12
Am I scaring you yet?
206
552879
2134
我嚇著你了嗎?
09:15
I've got a few more of these interesting ones.
207
555013
1943
我還有有幾個這些有趣的例子。
09:16
These are ones where I went to a conference,
208
556956
1833
我有一次去參加一個會議,
09:18
and my mind was just blown, and I said,
209
558789
1933
然後我完全被驚呆了,
09:20
"I have to share this with other people."
210
560722
1826
然後我說:“我要與其他人分享這些事情。
09:22
This was Fabian Monrose's lab
211
562548
1623
這是Fabian Monrose
09:24
at the University of North Carolina, and what they did was
212
564171
3456
在北卡羅萊納大學的實驗室,
09:27
something intuitive once you see it,
213
567627
2075
他們研究的是你看到的直觀的普通事物,
09:29
but kind of surprising.
214
569702
1714
但結果是令人驚訝的。
09:31
They videotaped people on a bus,
215
571416
2259
他們在公共汽車上對人進行錄影,
09:33
and then they post-processed the video.
216
573675
2840
然後進行後期處理。
09:36
What you see here in number one is a
217
576515
2463
你在這裏看到的第一個圖是在某個人
09:38
reflection in somebody's glasses of the smartphone
218
578978
4383
的眼鏡中反射的智慧手機在
09:43
that they're typing in.
219
583361
1425
打字的圖像
09:44
They wrote software to stabilize --
220
584786
1975
他們用軟體以穩定
09:46
even though they were on a bus
221
586761
1365
- 即使他們是在公共汽車上(來回晃動),
09:48
and maybe someone's holding their phone at an angle --
222
588126
3211
或者有人在一個角度拿著自己的手機
09:51
to stabilize the phone, process it, and
223
591337
2370
穩定電話圖像,處理圖像,然
09:53
you may know on your smartphone, when you type
224
593707
1885
後你可能知道了,在您的智慧手機上,
09:55
a password, the keys pop out a little bit, and they were able
225
595592
2939
當你輸入一個密碼,字母會彈出一會兒,
09:58
to use that to reconstruct what the person was typing,
226
598531
2840
然後他們就能用它來重建剛才輸入的資訊。
10:01
and had a language model for detecting typing.
227
601371
4321
並且他們有一個語言模型。
10:05
What was interesting is, by videotaping on a bus,
228
605692
2335
很有趣的是,通過在公共汽車上錄影,
10:08
they were able to produce exactly what people
229
608027
2129
他們能夠精確地得知人們在他們的
10:10
on their smartphones were typing,
230
610156
2151
智慧手機打的字,
10:12
and then they had a surprising result, which is that
231
612307
2260
然後他們有一個驚人的結果,
10:14
their software had not only done it for their target,
232
614567
2764
軟體不僅完成對目標的監控分析,
10:17
but other people who accidentally happened
233
617331
1403
而且也把碰巧出現在
10:18
to be in the picture, they were able to produce
234
618734
2086
圖像中的其他人
10:20
what those people had been typing, and that was kind of
235
620820
2727
的打字輸入也分析出來了,
10:23
an accidental artifact of what their software was doing.
236
623547
3617
這是他們的軟體的一個意外的收穫。
10:27
I'll show you two more. One is P25 radios.
237
627164
4303
我再給展示兩個例子。一個是P25無線電通話機。
10:31
P25 radios are used by law enforcement
238
631467
2800
P25無線電通話機用於執法機構、
10:34
and all kinds of government agencies
239
634267
3407
各種政府機構
10:37
and people in combat to communicate,
240
637674
1736
和民眾在戰鬥中的通話,
10:39
and there's an encryption option on these phones.
241
639410
2833
而且這些手機有個加密選項。
10:42
This is what the phone looks like. It's not really a phone.
242
642243
2728
這是就是P25無線電通話機,這不是一個真正的電話。
10:44
It's more of a two-way radio.
243
644971
1206
這是一個雙向無線電。
10:46
Motorola makes the most widely used one, and you can see
244
646177
3322
使用得最廣泛的是由摩托羅拉所製造的,你可以看到,
10:49
that they're used by Secret Service, they're used in combat,
245
649499
2649
特勤組織在使用它,他們在戰鬥中使用它,
10:52
it's a very, very common standard in the U.S. and elsewhere.
246
652148
3102
在美國和其他地方,這是一個非常普遍的標準裝備。
10:55
So one question the researchers asked themselves is,
247
655250
2305
因此,一個研究人員問自己的問題是,
10:57
could you block this thing, right?
248
657555
2704
你能否遮罩這個東西,對不對呢?
11:00
Could you run a denial-of-service,
249
660259
1583
你可以運行一個拒絕服務,
11:01
because these are first responders?
250
661842
1824
因為這個東西採用第一反應機制?
11:03
So, would a terrorist organization want to black out the
251
663666
1801
所以,在緊急情況下,一個恐怖組織會不糊黑掉
11:05
ability of police and fire to communicate at an emergency?
252
665467
4488
員警和消防的通訊能力?
11:09
They found that there's this GirlTech device used for texting
253
669955
3072
他們發現有一個GirlTech公司的玩具可以用來發短信,
11:13
that happens to operate at the same exact frequency
254
673027
2718
工作頻率和P25完全相同,
11:15
as the P25, and they built what they called
255
675745
2271
於是他們就用這個東西建立了他們所稱的
11:18
My First Jammer. (Laughter)
256
678016
4334
“我的第一個干擾器”。(笑聲)
11:22
If you look closely at this device,
257
682350
2378
如果你仔細觀察此設備
11:24
it's got a switch for encryption or cleartext.
258
684728
3630
它有一個開關,用於設定加密發送或明文發送。
11:28
Let me advance the slide, and now I'll go back.
259
688358
3050
讓我前進一下幻燈片,現在我回去。
11:31
You see the difference?
260
691408
2547
你看到其中的差別嗎?
11:33
This is plain text. This is encrypted.
261
693955
2557
這是純文本。這是加密的。
11:36
There's one little dot that shows up on the screen,
262
696512
2557
有一個小點,顯示在螢幕上,
11:39
and one little tiny turn of the switch.
263
699069
2085
和一個小的轉換開關。
11:41
And so the researchers asked themselves, "I wonder how
264
701154
1904
因此,研究人員問自己,
11:43
many times very secure, important, sensitive conversations
265
703058
4257
“我不知道有多少次,非常機密的、重要的、敏感的對話
11:47
are happening on these two-way radios where they forget
266
707315
1623
發生在這些雙向無線電設備上,他們忘了加密
11:48
to encrypt and they don't notice that they didn't encrypt?"
267
708938
2910
並且他們沒有注意到在進行未加密的通話嗎?”
11:51
So they bought a scanner. These are perfectly legal
268
711848
3339
於是,他們買了一台無線電掃描設備。這是完全合法的,
11:55
and they run at the frequency of the P25,
269
715187
3458
然後他們運行在P25的頻段上,
11:58
and what they did is they hopped around frequencies
270
718645
1767
然後他們在附近的頻段上跳來跳去的掃描,
12:00
and they wrote software to listen in.
271
720412
2510
他們寫軟體監聽,
12:02
If they found encrypted communication, they stayed
272
722922
2634
如果他們發現加密的通信
12:05
on that channel and they wrote down, that's a channel
273
725556
1686
他們停留在該頻道上,記下來,這是一個
12:07
that these people communicate in,
274
727242
1788
執法機構的人們在通話的頻道,
12:09
these law enforcement agencies,
275
729030
1622
執法機構的人們在通話的頻道,
12:10
and they went to 20 metropolitan areas and listened in
276
730652
3391
然後他們去了20個大都市地區,在這些頻率上監聽。
12:14
on conversations that were happening at those frequencies.
277
734043
3475
在這些頻率上監聽。
12:17
They found that in every metropolitan area,
278
737518
3239
他們發現,在每一個大都市區,
12:20
they would capture over 20 minutes a day
279
740757
2154
每天他們將捕獲超過20分鐘
12:22
of cleartext communication.
280
742911
2375
明文通信。
12:25
And what kind of things were people talking about?
281
745286
2000
人們在談論什麼樣的東西呢?
12:27
Well, they found the names and information
282
747286
1484
嗯,他們發現了需要保密的報案人的名字和資訊。
12:28
about confidential informants. They found information
283
748770
2852
的名字和資訊。
12:31
that was being recorded in wiretaps,
284
751622
2202
在監聽設備中記錄的資訊,
12:33
a bunch of crimes that were being discussed,
285
753824
2710
包括對一堆的犯罪進行的討論和
12:36
sensitive information.
286
756534
1162
其他敏感資訊。
12:37
It was mostly law enforcement and criminal.
287
757696
3363
這主要是執法和刑事方面的。
12:41
They went and reported this to the law enforcement
288
761059
1834
他們匿名了這些資訊後報給
12:42
agencies, after anonymizing it,
289
762893
2023
了執法機構,
12:44
and the vulnerability here is simply the user interface
290
764916
3000
這裏的脆弱性簡單來說在於用戶介面
12:47
wasn't good enough. If you're talking
291
767916
1394
還不夠好。如果你在談論
12:49
about something really secure and sensitive, it should
292
769310
2816
什麼真正的安全和敏感的,
12:52
be really clear to you that this conversation is encrypted.
293
772126
3293
那麼這種談話必須是要加密的。
12:55
That one's pretty easy to fix.
294
775419
1886
這是很容易解決。
12:57
The last one I thought was really, really cool,
295
777305
1669
最後一個,我想是真的、真的很酷,
12:58
and I just had to show it to you, it's probably not something
296
778974
2813
我這就把它展示給你,它可能不是那種
13:01
that you're going to lose sleep over
297
781787
1005
會讓你會失眠的東西,
13:02
like the cars or the defibrillators,
298
782792
1791
比如類似汽車電腦或心臟除顫器,
13:04
but it's stealing keystrokes.
299
784583
3023
但它可以偷按鍵資訊。
13:07
Now, we've all looked at smartphones upside down.
300
787606
2747
現在,我們上下顛倒著看一下智慧手機。
13:10
Every security expert wants to hack a smartphone,
301
790353
2190
每個安全專家想要攻擊一個智慧手機,
13:12
and we tend to look at the USB port, the GPS for tracking,
302
792543
4612
都傾向於從USB埠、GPS跟蹤、
13:17
the camera, the microphone, but no one up till this point
303
797155
3208
相機、麥克風,但沒有一個到現在為止
13:20
had looked at the accelerometer.
304
800363
1580
看過加速計。
13:21
The accelerometer is the thing that determines
305
801943
1647
加速度計的決定了智慧手機
13:23
the vertical orientation of the smartphone.
306
803590
3494
在垂直方向的角度。
13:27
And so they had a simple setup.
307
807084
1417
因此,他們做了一個簡單的設置。
13:28
They put a smartphone next to a keyboard,
308
808501
2758
他們把智慧手機放到鍵盤的旁邊,
13:31
and they had people type, and then their goal was
309
811259
2712
然後有人打字,然後他們的目標是
13:33
to use the vibrations that were created by typing
310
813971
2856
通過使用加速度計
13:36
to measure the change in the accelerometer reading
311
816827
4240
測量打字產生的振動的讀數的變化,
13:41
to determine what the person had been typing.
312
821067
3176
以確定打字內容。
13:44
Now, when they tried this on an iPhone 3GS,
313
824243
2576
現在,當他們用iPhone 3GS嘗試這種方法時,
13:46
this is a graph of the perturbations that were created
314
826819
2769
打字會產生一個圖形的擾動,
13:49
by the typing, and you can see that it's very difficult
315
829588
3241
你可以看到,很難
13:52
to tell when somebody was typing or what they were typing,
316
832829
3078
確認什麼時候人在打字和打字內容,
13:55
but the iPhone 4 greatly improved the accelerometer,
317
835907
3090
但在iPhone 4大大改善了加速度計,
13:58
and so the same measurement
318
838997
3480
所以相同的測量動作
14:02
produced this graph.
319
842477
1832
產生了這個曲線圖。
14:04
Now that gave you a lot of information while someone
320
844309
2486
現在這個圖給你了大量資訊,
14:06
was typing, and what they did then is used advanced
321
846795
3241
當有人打字的時候。接下來他們採用
14:10
artificial intelligence techniques called machine learning
322
850036
3007
先進的人工智慧技術稱為機器學習
14:13
to have a training phase,
323
853043
1431
來進行訓練階段,
14:14
and so they got most likely grad students
324
854474
2236
所以他們叫來潛在的研究生們,
14:16
to type in a whole lot of things, and to learn,
325
856710
3789
輸入了一大堆的東西,去學習,
14:20
to have the system use the machine learning tools that
326
860499
2768
使系統運用機器學習的工具,
14:23
were available to learn what it is that the people were typing
327
863267
2863
瞭解人們輸入的內容,
14:26
and to match that up
328
866130
2827
然後去匹配
14:28
with the measurements in the accelerometer.
329
868957
2477
加速度計的測量資料。
14:31
And then there's the attack phase, where you get
330
871434
1635
再有就是攻擊階段,
14:33
somebody to type something in, you don't know what it was,
331
873069
2811
一個人在那裏打字,你不知道他打的是什麼東西,
14:35
but you use your model that you created
332
875880
1297
但你用你在訓練階段時的模型進行匹配,
14:37
in the training phase to figure out what they were typing.
333
877177
3442
就可以弄清楚他們輸入內容。
14:40
They had pretty good success. This is an article from the USA Today.
334
880619
3484
他們有相當高的成功率。 這是從“今日美國”的一篇文章。
14:44
They typed in, "The Illinois Supreme Court has ruled
335
884103
2609
他們鍵入“伊利諾州最高法院裁定,
14:46
that Rahm Emanuel is eligible to run for Mayor of Chicago"
336
886712
2962
伊曼紐爾符合競選芝加哥市長的條件”
14:49
— see, I tied it in to the last talk —
337
889674
1354
看,我把它綁在最後一次談話
14:51
"and ordered him to stay on the ballot."
338
891028
2118
“並命令他繼續競選”。
14:53
Now, the system is interesting, because it produced
339
893146
2771
現在,該系統很有趣,因為它生成了
14:55
"Illinois Supreme" and then it wasn't sure.
340
895917
2886
“伊利諾州最高法院” ,然後他就不確定了。
14:58
The model produced a bunch of options,
341
898803
1950
該模型產生了一堆的選項,
15:00
and this is the beauty of some of the A.I. techniques,
342
900753
2709
這是AI技術的美妙之處,
15:03
is that computers are good at some things,
343
903462
2250
電腦在一些方面擅長,
15:05
humans are good at other things,
344
905712
1534
人類在其他方面擅長,
15:07
take the best of both and let the humans solve this one.
345
907246
1931
結合兩者的最優,讓人類解決這個問題。
15:09
Don't waste computer cycles.
346
909177
1382
不要浪費電腦的運算。
15:10
A human's not going to think it's the Supreme might.
347
910559
2136
一個人不會認為這是最高法院的威力。
15:12
It's the Supreme Court, right?
348
912695
1740
這是最高法院,對不對?
15:14
And so, together we're able to reproduce typing
349
914435
2530
所以,我們一起能夠簡單地
15:16
simply by measuring the accelerometer.
350
916965
2949
通過測量加速度計來重現輸入。
15:19
Why does this matter? Well, in the Android platform,
351
919914
3502
為什麼這個事情很重要呢?在Android平臺上,
15:23
for example, the developers have a manifest
352
923416
4133
例如,開發人員有一個設備清單,
15:27
where every device on there, the microphone, etc.,
353
927564
2584
每個設備都在上面,麥克風等,
15:30
has to register if you're going to use it
354
930148
1956
如果你要使用它就必須註冊,
15:32
so that hackers can't take over it,
355
932104
2316
這樣駭客無法接管,
15:34
but nobody controls the accelerometer.
356
934420
3108
但沒有人控制加速度計。
15:37
So what's the point? You can leave your iPhone next to
357
937528
2216
那麼,這有什麼意義呢?你可以留下 你的iPhone到其他人的鍵盤旁邊,
15:39
someone's keyboard, and just leave the room,
358
939744
2106
然後離開房間,
15:41
and then later recover what they did,
359
941850
1639
過一會回來就知道他們做了什麼,
15:43
even without using the microphone.
360
943489
1711
甚至不使用麥克風
15:45
If someone is able to put malware on your iPhone,
361
945200
2174
如果有人能夠在你的iPhone上安裝惡意軟體,
15:47
they could then maybe get the typing that you do
362
947374
2848
那麼也許他們可以得到你的打字內容,
15:50
whenever you put your iPhone next to your keyboard.
363
950222
2321
當你打字時把iPhone放到鍵盤旁邊。
15:52
There's several other notable attacks that unfortunately
364
952543
2271
還有其他幾個著名的攻擊,不過遺憾的是
15:54
I don't have time to go into, but the one that I wanted
365
954814
2131
我沒有時間給大家一一提到,但是,我想指出的是,
15:56
to point out was a group from the University of Michigan
366
956945
2277
美國密西根大學的一個小組已經能
15:59
which was able to take voting machines,
367
959222
2441
夠搞定投票機了,
16:01
the Sequoia AVC Edge DREs that
368
961663
2498
Sequoia AVC Edge DRE,
16:04
were going to be used in New Jersey in the election
369
964161
1555
就是那種使用在新澤西州的選舉
16:05
that were left in a hallway, and put Pac-Man on it.
370
965716
2161
留在走廊裏的機器。他們可以把Pac-Man遊戲機放上去。
16:07
So they ran the Pac-Man game.
371
967877
3623
他們運行Pac-Man遊戲。
16:11
What does this all mean?
372
971500
1747
這一切意味著什麼?
16:13
Well, I think that society tends to adopt technology
373
973247
3647
嗯,我認為社會趨向於快速採用新技術。
16:16
really quickly. I love the next coolest gadget.
374
976894
2824
我愛最新最酷的小工具。
16:19
But it's very important, and these researchers are showing,
375
979718
2614
但非常重要的是,在這些研究人員展示的例子中,
16:22
that the developers of these things
376
982332
1360
這些東西的開發人員
16:23
need to take security into account from the very beginning,
377
983692
2865
從一開始就要將安全因素考慮進去,
16:26
and need to realize that they may have a threat model,
378
986557
2785
並意識到,即使他們設計時 考慮到可能有一個威脅模型,
16:29
but the attackers may not be nice enough
379
989342
2462
但攻擊者可能沒有友善到
16:31
to limit themselves to that threat model,
380
991804
1777
將自己的行為限制在這個威脅模型中,
16:33
and so you need to think outside of the box.
381
993581
2537
所以你需要考慮出了這一個模型之外的所有威脅。
16:36
What we can do is be aware
382
996118
1578
我們所能做的是請注意
16:37
that devices can be compromised,
383
997696
2479
設備可能會受到攻擊和損害,
16:40
and anything that has software in it
384
1000175
1699
只要是含有軟體
16:41
is going to be vulnerable. It's going to have bugs.
385
1001874
2649
它就容易受到攻擊, 它就會有缺陷。
16:44
Thank you very much. (Applause)
386
1004523
3497
非常感謝你。 (掌聲)
關於本網站

本網站將向您介紹對學習英語有用的 YouTube 視頻。 您將看到來自世界各地的一流教師教授的英語課程。 雙擊每個視頻頁面上顯示的英文字幕,從那裡播放視頻。 字幕與視頻播放同步滾動。 如果您有任何意見或要求,請使用此聯繫表與我們聯繫。

https://forms.gle/WvT1wiN1qDtmnspy7