【TED】阿維-魯賓。你的所有設備都可以被黑客攻擊（Avi Rubin：你的所有設備都可以被黑客攻擊）。 (【TED】Avi Rubin: All your devices can be hacked (Avi Rubin: All your devices can be hacked))

Subtitles section Play video

Translator: Joseph Geni Reviewer: Morton Bast

譯者: Tom Tao 審譯者: 文进肖
I'm a computer science professor,

我是一名計算機科學教授，
and my area of expertise is

我的專業領域是
computer and information security.

計算機與資訊安全。
When I was in graduate school,

我在研究所的時候，
I had the opportunity to overhear my grandmother

有一次碰巧聽到我的祖母
describing to one of her fellow senior citizens

跟她一位年長的朋友
what I did for a living.

聊到我的工作。
Apparently, I was in charge of making sure that

我的工作顯然是在確保
no one stole the computers from the university. (Laughter)

大學裡面的電腦不會被人偷走。(笑聲)
And, you know, that's a perfectly reasonable thing

她會這麼想也不讓人意外，
for her to think, because I told her I was working

因為我告訴她
in computer security,

我的工作是關於計算機安全，
and it was interesting to get her perspective.

她的聯想力真的很有意思。
But that's not the most ridiculous thing I've ever heard

但是，這還不是別人對我的工作的解釋
anyone say about my work.

最好笑的一個。
The most ridiculous thing I ever heard is,

我聽過最好笑的一次是，
I was at a dinner party, and a woman heard

在一次晚宴上，
that I work in computer security,

一位女士聽到我是從事計算機安全的，
and she asked me if -- she said her computer had been

於是她向我諮詢，她說她的電腦中毒了，
infected by a virus, and she was very concerned that she

她非常擔心她可能會生病，
might get sick from it, that she could get this virus. (Laughter)

因為她可能會感染同樣的病毒。(笑聲)
And I'm not a doctor, but I reassured her

我不是醫生，但是我向她保證
that it was very, very unlikely that this would happen,

這個可能性微乎其微，
but if she felt more comfortable, she could be free to use

但是如果她還是不放心，
latex gloves when she was on the computer,

可以在使用電腦的時候戴上橡膠手套，
and there would be no harm whatsoever in that.

這樣就肯定萬無一失了。
I'm going to get back to this notion of being able to get

言歸正傳，接下來我要認真地
a virus from your computer, in a serious way.

談談如何避免電腦病毒。
What I'm going to talk to you about today

我今天要跟你們聊的是有關
are some hacks, some real world cyberattacks that people

在我所從事的研究領域中
in my community, the academic research community,

發生的一些駭客及網路攻擊問題，
have performed, which I don't think

我相信這些是
most people know about,

大部分人都不了解的，
and I think they're very interesting and scary,

並且我認為這些是既有意思又讓人害怕的，
and this talk is kind of a greatest hits

而這次談話的內容
of the academic security community's hacks.

就是關於安全領域的經典案例。
None of the work is my work. It's all work

這些事情不是發生在我身上。
that my colleagues have done, and I actually asked them

這些都是我同事做的研究，而我請他們
for their slides and incorporated them into this talk.

提供一些資料加到這次談話中。
So the first one I'm going to talk about

接下來首先我要講的是
are implanted medical devices.

體內植入醫療設備。
Now medical devices have come a long way technologically.

現在的醫療設備已經在技術方面發展了很多年。
You can see in 1926 the first pacemaker was invented.

大家從螢幕上可以看到在1926年，第一個外置心臟起搏器被發明。
1960, the first internal pacemaker was implanted,

1960年第一個內置起搏器被植入人體，
hopefully a little smaller than that one that you see there,

如大家所願這個東西體積減少了很多，
and the technology has continued to move forward.

並且技術還在不斷的進步。
In 2006, we hit an important milestone from the perspective

到2006年，從電腦安全角度來說
of computer security.

我們達到了一個重要的里程碑
And why do I say that?

為什麼為這麼說？
Because that's when implanted devices inside of people

因為這時候人體內置的設備
started to have networking capabilities.

開始具備聯網功能。
One thing that brings us close to home is we look

Dick Cheney的設備可以讓我們更好的理解這一點，
at Dick Cheney's device, he had a device that

Dick Cheney的設備可以讓我們更好的理解這一點，
pumped blood from an aorta to another part of the heart,

這個設備負責將血液從一個大動脈輸送到心臟的另一個腔體，
and as you can see at the bottom there,

就像你看到的，圖中的底部，
it was controlled by a computer controller,

一個電腦控制器控制著整個設備，
and if you ever thought that software liability

如果你認爲這個軟體控制很重要
was very important, get one of these inside of you.

你可以自己裝一個。
Now what a research team did was they got their hands

現在一個研究小組手頭上的工作
on what's called an ICD.

是研究一個稱為ICD的設備。（ICD，植入式心臟去顫器)
This is a defibrillator, and this is a device

這是一個心律去顫器，植入人體後
that goes into a person to control their heart rhythm,

控制自己的心臟節律，
and these have saved many lives.

已經挽救了許多人的生命。
Well, in order to not have to open up the person

為了不對人進行重新手術
every time you want to reprogram their device

就可以每次重新設定他們的設備，
or do some diagnostics on it, they made the thing be able

或者做一些診斷，這個設備能夠進行無線通訊，
to communicate wirelessly, and what this research team did

而這個研究小組所做的是
is they reverse engineered the wireless protocol,

他們逆向工程無線協定，
and they built the device you see pictured here,

做了個小設備，你在這裏看得到，
with a little antenna, that could talk the protocol

帶一個小的天線，會使用協定和ICD通信，
to the device, and thus control it.

從而控制它。
In order to make their experience real -- they were unable

為了使他們的實驗更真實
to find any volunteers, and so they went

-由於他們無法找到任何的志願者-於是他們找到了一些
and they got some ground beef and some bacon

碎牛肉和一些臘肉，
and they wrapped it all up to about the size

包成該設備將去的人體部位的大小，
of a human being's area where the device would go,

包成該設備將去的人體部位的大小，
and they stuck the device inside it

然後把設備塞進去來做實驗,
to perform their experiment somewhat realistically.

為了使實驗更加接近真實情況。
They launched many, many successful attacks.

他們完成了許多許多次成功的攻擊。
One that I'll highlight here is changing the patient's name.

在這裏我還是要強調的是改變病人的名字。
I don't know why you would want to do that,

我不知道你為什麼會想這樣做，
but I sure wouldn't want that done to me.

但我肯定不會想，這樣的事發生在我身上。
And they were able to change therapies,

他們能夠改變的治療方法，
including disabling the device -- and this is with a real,

包括停用此設備 --這是一個真正的，
commercial, off-the-shelf device --

商業的，現成的設備
simply by performing reverse engineering and sending

只需通過執行逆向工程和發送
wireless signals to it.

無線信號就能控制它。可怕吧？
There was a piece on NPR that some of these ICDs

NPR上有個片段講的是有些ICD
could actually have their performance disrupted

的功能竟然會被干擾，
simply by holding a pair of headphones onto them.

只要簡單地把一對耳機放到它上面就發生了。
Now, wireless and the Internet

現在，無線和網路可以
can improve health care greatly.

大大提高醫療水準。
There's several examples up on the screen

在螢幕上有幾個例子，
of situations where doctors are looking to implant devices

醫生正在植入設備到人體，
inside of people, and all of these devices now,

而其所有的這些設備現在
it's standard that they communicate wirelessly,

標準化了，之間可以互相進行無線通訊，
and I think this is great,

我認為這是很好的，
but without a full understanding of trustworthy computing,

但沒有一個對可信任計算的完全理解，
and without understanding what attackers can do

沒有意識到攻擊者可以做什麼
and the security risks from the beginning,

和安全風險從一開始就存在的話，
there's a lot of danger in this.

這就有很多危險了。
Okay, let me shift gears and show you another target.

好吧，讓我換個話題，告訴你另一個目標
I'm going to show you a few different targets like this,

接下來我要告訴你幾個不同的目標，
and that's my talk. So we'll look at automobiles.

這就是我的談話。所以，我們來看看汽車吧。
This is a car, and it has a lot of components,

這是一輛汽車，現在它有很多零部件，
a lot of electronics in it today.

很多的電子產品。
In fact, it's got many, many different computers inside of it,

事實上，它有很多，很多不同的電腦在裏面，
more Pentiums than my lab did when I was in college,

比我當年在大學的實驗室更多的處理器，
and they're connected by a wired network.

他們通過有線網路連接。
There's also a wireless network in the car,

而且在車上還有一個無線網路，
which can be reached from many different ways.

它可以從許多不同的方式接入。
So there's Bluetooth, there's the FM and XM radio,

有藍牙， FM和XM廣播，
there's actually wi-fi, there's sensors in the wheels

有的竟然還有Wi-Fi ，輪胎上的感測器
that wirelessly communicate the tire pressure

通過無線通信將氣壓值傳送給
to a controller on board.

主板上的控制器。
The modern car is a sophisticated multi-computer device.

當今的汽車是一個複雜的多電腦設備。
And what happens if somebody wanted to attack this?

那麼如果有人想攻擊它會發生什麼呢？
Well, that's what the researchers

嗯，這就是我今天要談的
that I'm going to talk about today did.

研究人員已經實現了什麼。
They basically stuck an attacker on the wired network

他們在有線網路和無線網路上放置了
and on the wireless network.

攻擊設備。
Now, they have two areas they can attack.

現在，他們有兩個區域可以攻擊。
One is short-range wireless, where you can actually

一個是短距離無線通訊，
communicate with the device from nearby,

在這裏你可以與附近的設備進行通信，
either through Bluetooth or wi-fi,

通過藍牙或Wi-Fi。
and the other is long-range, where you can communicate

另一種是遠距離無線通訊，
with the car through the cellular network,

通過蜂窩網路
or through one of the radio stations.

或通過一個廣播電臺。
Think about it. When a car receives a radio signal,

想像一下，當一輛車接收無線電信號時，
it's processed by software.

信號交給軟體處理。
That software has to receive and decode the radio signal,

該軟體接收和解碼無線電信號，
and then figure out what to do with it,

然後確定如何處理，
even if it's just music that it needs to play on the radio,

即使它只是音樂信號，也要交給收音機去播放，
and that software that does that decoding,

如果這個解碼軟體有
if it has any bugs in it, could create a vulnerability

任何的漏洞，那麼就成為有人破解車的
for somebody to hack the car.

攻擊點。
The way that the researchers did this work is,

研究人員做這項工作的方式是
they read the software in the computer chips

他們從車載電腦中讀出軟體，
that were in the car, and then they used sophisticated

然後他們用先進
reverse engineering tools

的逆向工程工具
to figure out what that software did,

弄清楚軟體做了什麼，
and then they found vulnerabilities in that software,

然後他們發現該軟體中的漏洞，
and then they built exploits to exploit those.

然後他們利用這些漏洞建立了一些開拓工具。
They actually carried out their attack in real life.

他們在實際環境下進行他們的攻擊實驗。
They bought two cars, and I guess

他們買了兩輛車，我想
they have better budgets than I do.

他們有比我更好的預算。
The first threat model was to see what someone could do

第一個威脅模型是看
if an attacker actually got access

如果一個攻擊者獲得到
to the internal network on the car.

內部網路的連接,他可以做什麼
Okay, so think of that as, someone gets to go to your car,

嗯，大家這樣想一下，有人進到你的車裏，
they get to mess around with it, and then they leave,

把裏面的設備搞得一團糟，然後他們離開，
and now, what kind of trouble are you in?

而現在，你陷入了什麼樣的麻煩？
The other threat model is that they contact you

另一個威脅模型是，
in real time over one of the wireless networks

他們通過無線網路，
like the cellular, or something like that,

如蜂窩電話，或類似的東西，即時地與您和車搭上線，
never having actually gotten physical access to your car.

但從來沒有通過物理方式接觸你的車。
This is what their setup looks like for the first model,

這就是看起來像第一種模式的設備，
where you get to have access to the car.

需要進入車內。
They put a laptop, and they connected to the diagnostic unit

他們放置一台筆記本電腦，並連接車內網路的診斷模組，
on the in-car network, and they did all kinds of silly things,

然後他們做了各種愚蠢的事情，
like here's a picture of the speedometer

就像這張圖片，車速里程表
showing 140 miles an hour when the car's in park.

顯示140公里的時速，但是汽車實際上是在駐車狀態。
Once you have control of the car's computers,

一旦你擁有汽車電腦的控制，
you can do anything.

你可以做任何事情。
Now you might say, "Okay, that's silly."

現在，你可能會說： “噢，這太愚蠢了。”
Well, what if you make the car always say

那麼，如果您的車總顯示20英里的時速，
it's going 20 miles an hour slower than it's actually going?

比它實際的速度低，這會怎麼樣？
You might produce a lot of speeding tickets.

您可能會產生大量超速行駛的罰單。
Then they went out to an abandoned airstrip with two cars,

然後，他們帶了兩輛車去了一個廢棄的飛機跑道，
the target victim car and the chase car,

目標受害車和主動攻擊車，
and they launched a bunch of other attacks.

然後他們實施了一堆其他的攻擊。
One of the things they were able to do from the chase car

從攻擊車裏他們能夠做到的事情之一
is apply the brakes on the other car,

是操作另一輛汽車的刹車，
simply by hacking the computer.

只需通過入侵該車的電腦。
They were able to disable the brakes.

他們可以禁用制動器。
They also were able to install malware that wouldn't kick in

他們還能夠安裝惡意軟體，
and wouldn't trigger until the car was doing something like

通常情況下這個軟體不會被觸發，直至如車輛
going over 20 miles an hour, or something like that.

時速超過每小時20英里，或類似的情況。
The results are astonishing, and when they gave this talk,

結果是驚人的，而當他們進行公開講座時，
even though they gave this talk at a conference

即使他們的講座的觀眾是
to a bunch of computer security researchers,

一堆的電腦安全研究人員，
everybody was gasping.

每個人都倒抽一口涼氣。
They were able to take over a bunch of critical computers

他們能夠接管車內一堆的關鍵電腦：
inside the car: the brakes computer, the lighting computer,

如刹車電腦，照明電腦，
the engine, the dash, the radio, etc.,

發動機電腦，儀錶電腦，無線電電腦等，
and they were able to perform these on real commercial

他們是能夠執行這些惡意程式在他們購買的市場上
cars that they purchased using the radio network.

已有的商用汽車上，通過使用無線網路。
They were able to compromise every single one of the

他們能夠攻擊車上每一個
pieces of software that controlled every single one

帶有無線功能的模組軟體
of the wireless capabilities of the car.

的任何一部分。
All of these were implemented successfully.

所有這些都已成功實施。
How would you steal a car in this model?

在這個模型中，你會如何偷一輛車？
Well, you compromise the car by a buffer overflow

好了，你可以通過車載軟體的緩衝區溢出漏洞
of vulnerability in the software, something like that.

來攻擊，或者類似的東西。
You use the GPS in the car to locate it.

您使用車裏的GPS來定位它。
You remotely unlock the doors through the computer

您通過電腦控制遠端解鎖，
that controls that, start the engine, bypass anti-theft,

啟動引擎，繞過防盜系統，
and you've got yourself a car.

然後你就為自己搞到一輛車。
Surveillance was really interesting.

監控這個過程是非常有趣的。
The authors of the study have a video where they show

這項研究的作者有一個視頻在那裏展示
themselves taking over a car and then turning on

他們自己入侵了汽車，
the microphone in the car, and listening in on the car

然後打開車裏的麥克風，並進行監聽，
while tracking it via GPS on a map,

同時通過GPS在地圖上跟蹤它
and so that's something that the drivers of the car

還做了一些類似的事情，但汽車裏的駕駛員
would never know was happening.

永遠也不會知道發生了什麼。
Am I scaring you yet?

我嚇著你了嗎？
I've got a few more of these interesting ones.

我還有有幾個這些有趣的例子。
These are ones where I went to a conference,

我有一次去參加一個會議，
and my mind was just blown, and I said,

然後我完全被驚呆了，
"I have to share this with other people."

然後我說：“我要與其他人分享這些事情。
This was Fabian Monrose's lab

這是Fabian Monrose
at the University of North Carolina, and what they did was

在北卡羅萊納大學的實驗室，
something intuitive once you see it,

他們研究的是你看到的直觀的普通事物，
but kind of surprising.

但結果是令人驚訝的。
They videotaped people on a bus,

他們在公共汽車上對人進行錄影，
and then they post-processed the video.

然後進行後期處理。
What you see here in number one is a

你在這裏看到的第一個圖是在某個人
reflection in somebody's glasses of the smartphone

的眼鏡中反射的智慧手機在
that they're typing in.

打字的圖像
They wrote software to stabilize --

他們用軟體以穩定
even though they were on a bus

- 即使他們是在公共汽車上（來回晃動），
and maybe someone's holding their phone at an angle --

或者有人在一個角度拿著自己的手機
to stabilize the phone, process it, and

穩定電話圖像，處理圖像，然
you may know on your smartphone, when you type

後你可能知道了，在您的智慧手機上，
a password, the keys pop out a little bit, and they were able

當你輸入一個密碼，字母會彈出一會兒，
to use that to reconstruct what the person was typing,

然後他們就能用它來重建剛才輸入的資訊。
and had a language model for detecting typing.

並且他們有一個語言模型。
What was interesting is, by videotaping on a bus,

很有趣的是，通過在公共汽車上錄影，
they were able to produce exactly what people

他們能夠精確地得知人們在他們的
on their smartphones were typing,

智慧手機打的字，
and then they had a surprising result, which is that

然後他們有一個驚人的結果，
their software had not only done it for their target,

軟體不僅完成對目標的監控分析，
but other people who accidentally happened

而且也把碰巧出現在
to be in the picture, they were able to produce

圖像中的其他人
what those people had been typing, and that was kind of

的打字輸入也分析出來了，
an accidental artifact of what their software was doing.

這是他們的軟體的一個意外的收穫。
I'll show you two more. One is P25 radios.

我再給展示兩個例子。一個是P25無線電通話機。
P25 radios are used by law enforcement

P25無線電通話機用於執法機構、
and all kinds of government agencies

各種政府機構
and people in combat to communicate,

和民眾在戰鬥中的通話，
and there's an encryption option on these phones.

而且這些手機有個加密選項。
This is what the phone looks like. It's not really a phone.

這是就是P25無線電通話機，這不是一個真正的電話。
It's more of a two-way radio.

這是一個雙向無線電。
Motorola makes the most widely used one, and you can see

使用得最廣泛的是由摩托羅拉所製造的，你可以看到，
that they're used by Secret Service, they're used in combat,

特勤組織在使用它，他們在戰鬥中使用它，
it's a very, very common standard in the U.S. and elsewhere.

在美國和其他地方，這是一個非常普遍的標準裝備。
So one question the researchers asked themselves is,

因此，一個研究人員問自己的問題是，
could you block this thing, right?

你能否遮罩這個東西，對不對呢？
Could you run a denial-of-service,

你可以運行一個拒絕服務，
because these are first responders?

因為這個東西採用第一反應機制？
So, would a terrorist organization want to black out the

所以，在緊急情況下，一個恐怖組織會不糊黑掉
ability of police and fire to communicate at an emergency?

員警和消防的通訊能力？
They found that there's this GirlTech device used for texting

他們發現有一個GirlTech公司的玩具可以用來發短信，
that happens to operate at the same exact frequency

工作頻率和P25完全相同，
as the P25, and they built what they called

於是他們就用這個東西建立了他們所稱的
My First Jammer. (Laughter)

“我的第一個干擾器”。（笑聲）
If you look closely at this device,

如果你仔細觀察此設備
it's got a switch for encryption or cleartext.

它有一個開關，用於設定加密發送或明文發送。
Let me advance the slide, and now I'll go back.

讓我前進一下幻燈片，現在我回去。
You see the difference?

你看到其中的差別嗎？
This is plain text. This is encrypted.

這是純文本。這是加密的。
There's one little dot that shows up on the screen,

有一個小點，顯示在螢幕上，
and one little tiny turn of the switch.

和一個小的轉換開關。
And so the researchers asked themselves, "I wonder how

因此，研究人員問自己，
many times very secure, important, sensitive conversations

“我不知道有多少次，非常機密的、重要的、敏感的對話
are happening on these two-way radios where they forget

發生在這些雙向無線電設備上，他們忘了加密
to encrypt and they don't notice that they didn't encrypt?"

並且他們沒有注意到在進行未加密的通話嗎？”
So they bought a scanner. These are perfectly legal

於是，他們買了一台無線電掃描設備。這是完全合法的，
and they run at the frequency of the P25,

然後他們運行在P25的頻段上，
and what they did is they hopped around frequencies

然後他們在附近的頻段上跳來跳去的掃描，
and they wrote software to listen in.

他們寫軟體監聽，
If they found encrypted communication, they stayed

如果他們發現加密的通信
on that channel and they wrote down, that's a channel

他們停留在該頻道上，記下來，這是一個
that these people communicate in,

執法機構的人們在通話的頻道，
these law enforcement agencies,

執法機構的人們在通話的頻道，
and they went to 20 metropolitan areas and listened in

然後他們去了20個大都市地區，在這些頻率上監聽。
on conversations that were happening at those frequencies.

在這些頻率上監聽。
They found that in every metropolitan area,

他們發現，在每一個大都市區，
they would capture over 20 minutes a day

每天他們將捕獲超過20分鐘
of cleartext communication.

明文通信。
And what kind of things were people talking about?

人們在談論什麼樣的東西呢？
Well, they found the names and information

嗯，他們發現了需要保密的報案人的名字和資訊。
about confidential informants. They found information

的名字和資訊。
that was being recorded in wiretaps,

在監聽設備中記錄的資訊，
a bunch of crimes that were being discussed,

包括對一堆的犯罪進行的討論和
sensitive information.

其他敏感資訊。
It was mostly law enforcement and criminal.

這主要是執法和刑事方面的。
They went and reported this to the law enforcement

他們匿名了這些資訊後報給
agencies, after anonymizing it,

了執法機構，
and the vulnerability here is simply the user interface

這裏的脆弱性簡單來說在於用戶介面
wasn't good enough. If you're talking

還不夠好。如果你在談論
about something really secure and sensitive, it should

什麼真正的安全和敏感的，
be really clear to you that this conversation is encrypted.

那麼這種談話必須是要加密的。
That one's pretty easy to fix.

這是很容易解決。
The last one I thought was really, really cool,

最後一個，我想是真的、真的很酷，
and I just had to show it to you, it's probably not something

我這就把它展示給你，它可能不是那種
that you're going to lose sleep over

會讓你會失眠的東西，
like the cars or the defibrillators,

比如類似汽車電腦或心臟除顫器，
but it's stealing keystrokes.

但它可以偷按鍵資訊。
Now, we've all looked at smartphones upside down.

現在，我們上下顛倒著看一下智慧手機。
Every security expert wants to hack a smartphone,

每個安全專家想要攻擊一個智慧手機,
and we tend to look at the USB port, the GPS for tracking,

都傾向於從USB埠、GPS跟蹤、
the camera, the microphone, but no one up till this point

相機、麥克風，但沒有一個到現在為止
had looked at the accelerometer.

看過加速計。
The accelerometer is the thing that determines

加速度計的決定了智慧手機
the vertical orientation of the smartphone.

在垂直方向的角度。
And so they had a simple setup.

因此，他們做了一個簡單的設置。
They put a smartphone next to a keyboard,

他們把智慧手機放到鍵盤的旁邊，
and they had people type, and then their goal was

然後有人打字，然後他們的目標是
to use the vibrations that were created by typing

通過使用加速度計
to measure the change in the accelerometer reading

測量打字產生的振動的讀數的變化，
to determine what the person had been typing.

以確定打字內容。
Now, when they tried this on an iPhone 3GS,

現在，當他們用iPhone 3GS嘗試這種方法時，
this is a graph of the perturbations that were created

打字會產生一個圖形的擾動，
by the typing, and you can see that it's very difficult

你可以看到，很難
to tell when somebody was typing or what they were typing,

確認什麼時候人在打字和打字內容，
but the iPhone 4 greatly improved the accelerometer,

但在iPhone 4大大改善了加速度計，
and so the same measurement

所以相同的測量動作
produced this graph.

產生了這個曲線圖。
Now that gave you a lot of information while someone

現在這個圖給你了大量資訊，
was typing, and what they did then is used advanced

當有人打字的時候。接下來他們採用
artificial intelligence techniques called machine learning

先進的人工智慧技術稱為機器學習
to have a training phase,

來進行訓練階段，
and so they got most likely grad students

所以他們叫來潛在的研究生們，
to type in a whole lot of things, and to learn,

輸入了一大堆的東西，去學習，
to have the system use the machine learning tools that

使系統運用機器學習的工具，
were available to learn what it is that the people were typing

瞭解人們輸入的內容，
and to match that up

然後去匹配
with the measurements in the accelerometer.

加速度計的測量資料。
And then there's the attack phase, where you get

再有就是攻擊階段，
somebody to type something in, you don't know what it was,

一個人在那裏打字，你不知道他打的是什麼東西，
but you use your model that you created

但你用你在訓練階段時的模型進行匹配，
in the training phase to figure out what they were typing.

就可以弄清楚他們輸入內容。
They had pretty good success. This is an article from the USA Today.

他們有相當高的成功率。這是從“今日美國”的一篇文章。
They typed in, "The Illinois Supreme Court has ruled

他們鍵入“伊利諾州最高法院裁定，
that Rahm Emanuel is eligible to run for Mayor of Chicago"

伊曼紐爾符合競選芝加哥市長的條件”
— see, I tied it in to the last talk —

看，我把它綁在最後一次談話
"and ordered him to stay on the ballot."

“並命令他繼續競選”。
Now, the system is interesting, because it produced

現在，該系統很有趣，因為它生成了
"Illinois Supreme" and then it wasn't sure.

“伊利諾州最高法院” ，然後他就不確定了。
The model produced a bunch of options,

該模型產生了一堆的選項，
and this is the beauty of some of the A.I. techniques,

這是AI技術的美妙之處，
is that computers are good at some things,

電腦在一些方面擅長，
humans are good at other things,

人類在其他方面擅長，
take the best of both and let the humans solve this one.

結合兩者的最優，讓人類解決這個問題。
Don't waste computer cycles.

不要浪費電腦的運算。
A human's not going to think it's the Supreme might.

一個人不會認為這是最高法院的威力。
It's the Supreme Court, right?

這是最高法院，對不對？
And so, together we're able to reproduce typing

所以，我們一起能夠簡單地
simply by measuring the accelerometer.

通過測量加速度計來重現輸入。
Why does this matter? Well, in the Android platform,

為什麼這個事情很重要呢？在Android平臺上，
for example, the developers have a manifest

例如，開發人員有一個設備清單，
where every device on there, the microphone, etc.,

每個設備都在上面，麥克風等，
has to register if you're going to use it

如果你要使用它就必須註冊，
so that hackers can't take over it,

這樣駭客無法接管，
but nobody controls the accelerometer.

但沒有人控制加速度計。
So what's the point? You can leave your iPhone next to

那麼，這有什麼意義呢？你可以留下你的iPhone到其他人的鍵盤旁邊，
someone's keyboard, and just leave the room,

然後離開房間，
and then later recover what they did,

過一會回來就知道他們做了什麼，
even without using the microphone.

甚至不使用麥克風
If someone is able to put malware on your iPhone,

如果有人能夠在你的iPhone上安裝惡意軟體，
they could then maybe get the typing that you do

那麼也許他們可以得到你的打字內容，
whenever you put your iPhone next to your keyboard.

當你打字時把iPhone放到鍵盤旁邊。
There's several other notable attacks that unfortunately

還有其他幾個著名的攻擊，不過遺憾的是
I don't have time to go into, but the one that I wanted

我沒有時間給大家一一提到，但是，我想指出的是，
to point out was a group from the University of Michigan

美國密西根大學的一個小組已經能
which was able to take voting machines,

夠搞定投票機了，
the Sequoia AVC Edge DREs that

Sequoia AVC Edge DRE，
were going to be used in New Jersey in the election

就是那種使用在新澤西州的選舉
that were left in a hallway, and put Pac-Man on it.

留在走廊裏的機器。他們可以把Pac-Man遊戲機放上去。
So they ran the Pac-Man game.

他們運行Pac-Man遊戲。
What does this all mean?

這一切意味著什麼？
Well, I think that society tends to adopt technology

嗯，我認為社會趨向於快速採用新技術。
really quickly. I love the next coolest gadget.

我愛最新最酷的小工具。
But it's very important, and these researchers are showing,

但非常重要的是，在這些研究人員展示的例子中，
that the developers of these things

這些東西的開發人員
need to take security into account from the very beginning,

從一開始就要將安全因素考慮進去，
and need to realize that they may have a threat model,

並意識到，即使他們設計時考慮到可能有一個威脅模型，
but the attackers may not be nice enough

但攻擊者可能沒有友善到
to limit themselves to that threat model,

將自己的行為限制在這個威脅模型中，
and so you need to think outside of the box.

所以你需要考慮出了這一個模型之外的所有威脅。
What we can do is be aware

我們所能做的是請注意
that devices can be compromised,

設備可能會受到攻擊和損害，
and anything that has software in it

只要是含有軟體
is going to be vulnerable. It's going to have bugs.

它就容易受到攻擊，它就會有缺陷。
Thank you very much. (Applause)

非常感謝你。 (掌聲)