I'm a computer science professor,

我是一名計算機科學教授，

and my area of expertise is

我的專業領域是

computer and information security.

計算機與資訊安全。

When I was in graduate school,

我在研究所的時候，

I had the opportunity to overhear my grandmother

有一次碰巧聽到我的祖母

describing to one of her fellow senior citizens

跟她一位年長的朋友

what I did for a living.

聊到我的工作。

Apparently, I was in charge of making sure that

我的工作顯然是在確保

no one stole the computers from the university. (Laughter)

大學裡面的電腦不會被人偷走。(笑聲)

And, you know, that's a perfectly reasonable thing

她會這麼想也不讓人意外，

for her to think, because I told her I was working

因為我告訴她

in computer security,

我的工作是關於計算機安全，

and it was interesting to get her perspective.

她的聯想力真的很有意思。

But that's not the most ridiculous thing I've ever heard

但是，這還不是別人對我的工作的解釋

anyone say about my work.

最好笑的一個。

The most ridiculous thing I ever heard is,

我聽過最好笑的一次是，

I was at a dinner party, and a woman heard

在一次晚宴上，

that I work in computer security,

一位女士聽到我是從事計算機安全的，

and she asked me if -- she said her computer had been

於是她向我諮詢，她說她的電腦中毒了，

infected by a virus, and she was very concerned that she

她非常擔心她可能會生病，

might get sick from it, that she could get this virus. (Laughter)

因為她可能會感染同樣的病毒。(笑聲)

And I'm not a doctor, but I reassured her

我不是醫生，但是我向她保證

that it was very, very unlikely that this would happen,

這個可能性微乎其微，

but if she felt more comfortable, she could be free to use

但是如果她還是不放心，

latex gloves when she was on the computer,

可以在使用電腦的時候戴上橡膠手套，

and there would be no harm whatsoever in that.

這樣就肯定萬無一失了。

I'm going to get back to this notion of being able to get

言歸正傳，接下來我要認真地

a virus from your computer, in a serious way.

談談如何避免電腦病毒。

What I'm going to talk to you about today

我今天要跟你們聊的是有關

are some hacks, some real world cyberattacks that people

在我所從事的研究領域中

in my community, the academic research community,

發生的一些駭客及網路攻擊問題，

have performed, which I don't think

我相信這些是

most people know about,

大部分人都不了解的，

and I think they're very interesting and scary,

並且我認為這些是既有意思又讓人害怕的，

and this talk is kind of a greatest hits

而這次談話的內容

of the academic security community's hacks.

就是關於安全領域的經典案例。

None of the work is my work. It's all work

這些事情不是發生在我身上。

that my colleagues have done, and I actually asked them

這些都是我同事做的研究，而我請他們

for their slides and incorporated them into this talk.

提供一些資料加到這次談話中。

So the first one I'm going to talk about

接下來首先我要講的是

are implanted medical devices.

體內植入醫療設備。

Now medical devices have come a long way technologically.

現在的醫療設備已經在技術方面發展了很多年。

You can see in 1926 the first pacemaker was invented.

大家從螢幕上可以看到 在1926年，第一個外置心臟起搏器被發明。

1960, the first internal pacemaker was implanted,

1960年第一個內置起搏器被植入人體，

hopefully a little smaller than that one that you see there,

如大家所願這個東西體積減少了很多，

and the technology has continued to move forward.

並且技術還在不斷的進步。

In 2006, we hit an important milestone from the perspective

到2006年，從電腦安全角度來說

of computer security.

我們達到了一個重要的里程碑

And why do I say that?

為什麼為這麼說？

Because that's when implanted devices inside of people

因為這時候人體內置的設備

started to have networking capabilities.

開始具備聯網功能。

One thing that brings us close to home is we look

Dick Cheney的設備可以讓我們更好的理解這一點，

at Dick Cheney's device, he had a device that

Dick Cheney的設備可以讓我們更好的理解這一點，

pumped blood from an aorta to another part of the heart,

這個設備負責將血液從一個大動脈 輸送到心臟的另一個腔體，

and as you can see at the bottom there,

就像你看到的，圖中的底部，

it was controlled by a computer controller,

一個電腦控制器控制著整個設備，

and if you ever thought that software liability

如果你認爲這個軟體控制很重要

was very important, get one of these inside of you.

你可以自己裝一個。

Now what a research team did was they got their hands

現在一個研究小組手頭上的工作

on what's called an ICD.

是研究一個稱為ICD的設備。 （ICD，植入式心臟去顫器)

This is a defibrillator, and this is a device

這是一個心律去顫器，植入人體後

that goes into a person to control their heart rhythm,

控制自己的心臟節律，

and these have saved many lives.

已經挽救了許多人的生命。

Well, in order to not have to open up the person

為了不對人進行重新手術

every time you want to reprogram their device

就可以每次重新設定他們的設備，

or do some diagnostics on it, they made the thing be able

或者做一些診斷，這個設備能夠進行無線通訊，

to communicate wirelessly, and what this research team did

而這個研究小組所做的是

is they reverse engineered the wireless protocol,

他們逆向工程無線協定，

and they built the device you see pictured here,

做了個小設備，你在這裏看得到，

with a little antenna, that could talk the protocol

帶一個小的天線，會使用協定和ICD通信，

to the device, and thus control it.

從而控制它。

In order to make their experience real -- they were unable

為了使他們的實驗更真實

to find any volunteers, and so they went

-由於他們無法找到任何的志願者-於是他們找到了一些

and they got some ground beef and some bacon

碎牛肉和一些臘肉，

and they wrapped it all up to about the size

包成該設備將去的人體部位的大小，

of a human being's area where the device would go,

包成該設備將去的人體部位的大小，

and they stuck the device inside it

然後把設備塞進去來做實驗,

to perform their experiment somewhat realistically.

為了使實驗更加接近真實情況。

They launched many, many successful attacks.

他們完成了許多許多次成功的攻擊。

One that I'll highlight here is changing the patient's name.

在這裏我還是要強調的是改變病人的名字。

I don't know why you would want to do that,

我不知道你為什麼會想這樣做，

but I sure wouldn't want that done to me.

但我肯定不會想，這樣的事發生在我身上。

And they were able to change therapies,

他們能夠改變的治療方法，

including disabling the device -- and this is with a real,

包括停用此設備 --這是一個真正的，

commercial, off-the-shelf device --

商業的，現成的設備

simply by performing reverse engineering and sending

只需通過執行逆向工程和發送

wireless signals to it.

無線信號就能控制它。可怕吧？

There was a piece on NPR that some of these ICDs

NPR上有個片段講的是有些ICD

could actually have their performance disrupted

的功能竟然會被干擾，

simply by holding a pair of headphones onto them.

只要簡單地把一對耳機放到它上面就發生了。

Now, wireless and the Internet

現在，無線和網路可以

can improve health care greatly.

大大提高醫療水準。

There's several examples up on the screen

在螢幕上有幾個例子，

of situations where doctors are looking to implant devices

醫生正在植入設備到人體，

inside of people, and all of these devices now,

而其所有的這些設備現在

it's standard that they communicate wirelessly,

標準化了，之間可以互相進行無線通訊，

and I think this is great,

我認為這是很好的，

but without a full understanding of trustworthy computing,

但沒有一個對可信任計算的完全理解，

and without understanding what attackers can do

沒有意識到攻擊者可以做什麼

and the security risks from the beginning,

和安全風險從一開始就存在的話，

there's a lot of danger in this.

這就有很多危險了。

Okay, let me shift gears and show you another target.

好吧，讓我換個話題，告訴你另一個目標

I'm going to show you a few different targets like this,

接下來我要告訴你幾個不同的目標，

and that's my talk. So we'll look at automobiles.

這就是我的談話。所以，我們來看看汽車吧。

This is a car, and it has a lot of components,

這是一輛汽車，現在它有很多零部件，

a lot of electronics in it today.

很多的電子產品。

In fact, it's got many, many different computers inside of it,

事實上，它有很多，很多不同的電腦在裏面，

more Pentiums than my lab did when I was in college,

比我當年在大學的實驗室更多的處理器，

and they're connected by a wired network.

他們通過有線網路連接。

There's also a wireless network in the car,

而且在車上還有一個無線網路，

which can be reached from many different ways.

它可以從許多不同的方式接入。

So there's Bluetooth, there's the FM and XM radio,

有藍牙， FM和XM廣播，

there's actually wi-fi, there's sensors in the wheels

有的竟然還有Wi-Fi ，輪胎上的感測器

that wirelessly communicate the tire pressure

通過無線通信將氣壓值傳送給

to a controller on board.

主板上的控制器。

The modern car is a sophisticated multi-computer device.

當今的汽車是一個複雜的多電腦設備。

And what happens if somebody wanted to attack this?

那麼如果有人想攻擊它會發生什麼呢？

Well, that's what the researchers

嗯，這就是我今天要談的

that I'm going to talk about today did.

研究人員已經實現了什麼。

They basically stuck an attacker on the wired network

他們在有線網路和無線網路上放置了

and on the wireless network.

攻擊設備。

Now, they have two areas they can attack.

現在，他們有兩個區域可以攻擊。

One is short-range wireless, where you can actually

一個是短距離無線通訊，

communicate with the device from nearby,

在這裏你可以與附近的設備進行通信，

either through Bluetooth or wi-fi,

通過藍牙或Wi-Fi。

and the other is long-range, where you can communicate

另一種是遠距離無線通訊，

with the car through the cellular network,

通過蜂窩網路

or through one of the radio stations.

或通過一個廣播電臺。

Think about it. When a car receives a radio signal,

想像一下，當一輛車接收無線電信號時，

it's processed by software.

信號交給軟體處理。

That software has to receive and decode the radio signal,

該軟體接收和解碼無線電信號，

and then figure out what to do with it,

然後確定如何處理，

even if it's just music that it needs to play on the radio,

即使它只是音樂信號，也要交給收音機去播放，

and that software that does that decoding,

如果這個解碼軟體有

if it has any bugs in it, could create a vulnerability

任何的漏洞，那麼就成為有人破解車的

for somebody to hack the car.

攻擊點。

The way that the researchers did this work is,

研究人員做這項工作的方式是

they read the software in the computer chips

他們從車載電腦中讀出軟體，

that were in the car, and then they used sophisticated

然後他們用先進

reverse engineering tools

的逆向工程工具

to figure out what that software did,

弄清楚軟體做了什麼，

and then they found vulnerabilities in that software,

然後他們發現該軟體中的漏洞，

and then they built exploits to exploit those.

然後他們利用這些漏洞建立了一些開拓工具。

They actually carried out their attack in real life.

他們在實際環境下進行他們的攻擊實驗。

They bought two cars, and I guess

他們買了兩輛車，我想

they have better budgets than I do.

他們有比我更好的預算。

The first threat model was to see what someone could do

第一個威脅模型是看

if an attacker actually got access

如果一個攻擊者獲得到

to the internal network on the car.

內部網路的連接,他可以做什麼

Okay, so think of that as, someone gets to go to your car,

嗯，大家這樣想一下，有人進到你的車裏，

they get to mess around with it, and then they leave,

把裏面的設備搞得一團糟，然後他們離開，

and now, what kind of trouble are you in?

而現在，你陷入了什麼樣的麻煩？

The other threat model is that they contact you

另一個威脅模型是，

in real time over one of the wireless networks

他們通過無線網路，

like the cellular, or something like that,

如蜂窩電話，或類似的東西，即時地與您和車搭上線，

never having actually gotten physical access to your car.

但從來沒有通過物理方式接觸你的車。

This is what their setup looks like for the first model,

這就是看起來像第一種模式的設備，

where you get to have access to the car.

需要進入車內。

They put a laptop, and they connected to the diagnostic unit

他們放置一台筆記本電腦， 並連接車內網路的診斷模組，

on the in-car network, and they did all kinds of silly things,

然後他們做了各種愚蠢的事情，

like here's a picture of the speedometer

就像這張圖片，車速里程表

showing 140 miles an hour when the car's in park.

顯示140公里的時速，但是汽車實際上是在駐車狀態。

Once you have control of the car's computers,

一旦你擁有汽車電腦的控制，

you can do anything.

你可以做任何事情。

Now you might say, "Okay, that's silly."

現在，你可能會說： “噢，這太愚蠢了。”

Well, what if you make the car always say

那麼，如果您的車總顯示20英里的時速，

it's going 20 miles an hour slower than it's actually going?

比它實際的速度低，這會怎麼樣？

You might produce a lot of speeding tickets.

您可能會產生大量超速行駛的罰單。

Then they went out to an abandoned airstrip with two cars,

然後，他們帶了兩輛車去了一個廢棄的飛機跑道，

the target victim car and the chase car,

目標受害車和主動攻擊車，

and they launched a bunch of other attacks.

然後他們實施了一堆其他的攻擊。

One of the things they were able to do from the chase car

從攻擊車裏他們能夠做到的事情之一

is apply the brakes on the other car,

是操作另一輛汽車的刹車，

simply by hacking the computer.

只需通過入侵該車的電腦。

They were able to disable the brakes.

他們可以禁用制動器。

They also were able to install malware that wouldn't kick in

他們還能夠安裝惡意軟體，

and wouldn't trigger until the car was doing something like

通常情況下這個軟體不會被觸發，直至如車輛

going over 20 miles an hour, or something like that.

時速超過每小時20英里，或類似的情況。

The results are astonishing, and when they gave this talk,

結果是驚人的，而當他們進行公開講座時，

even though they gave this talk at a conference

即使他們的講座的觀眾是

to a bunch of computer security researchers,

一堆的電腦安全研究人員，

everybody was gasping.

每個人都倒抽一口涼氣。

They were able to take over a bunch of critical computers

他們能夠接管車內一堆的關鍵電腦：

inside the car: the brakes computer, the lighting computer,

如刹車電腦，照明電腦，

the engine, the dash, the radio, etc.,

發動機電腦，儀錶電腦，無線電電腦等，

and they were able to perform these on real commercial

他們是能夠執行這些惡意程式 在他們購買的市場上

cars that they purchased using the radio network.

已有的商用汽車上，通過使用無線網路。

They were able to compromise every single one of the

他們能夠攻擊車上每一個

pieces of software that controlled every single one

帶有無線功能的模組軟體

of the wireless capabilities of the car.

的任何一部分。

All of these were implemented successfully.

所有這些都已成功實施。

How would you steal a car in this model?

在這個模型中，你會如何偷一輛車？

Well, you compromise the car by a buffer overflow

好了，你可以通過車載軟體的緩衝區溢出漏洞

of vulnerability in the software, something like that.

來攻擊，或者類似的東西。

You use the GPS in the car to locate it.

您使用車裏的GPS來定位它。

You remotely unlock the doors through the computer

您通過電腦控制遠端解鎖，

that controls that, start the engine, bypass anti-theft,

啟動引擎，繞過防盜系統，

and you've got yourself a car.

然後你就為自己搞到一輛車。

Surveillance was really interesting.

監控這個過程是非常有趣的。

The authors of the study have a video where they show

這項研究的作者有一個視頻在那裏展示

themselves taking over a car and then turning on

他們自己入侵了汽車，

the microphone in the car, and listening in on the car

然後打開車裏的麥克風，並進行監聽，

while tracking it via GPS on a map,

同時通過GPS在地圖上跟蹤它

and so that's something that the drivers of the car

還做了一些類似的事情，但汽車裏的駕駛員

would never know was happening.

永遠也不會知道發生了什麼。

Am I scaring you yet?

我嚇著你了嗎？

I've got a few more of these interesting ones.

我還有有幾個這些有趣的例子。

These are ones where I went to a conference,

我有一次去參加一個會議，

and my mind was just blown, and I said,

然後我完全被驚呆了，

"I have to share this with other people."

然後我說：“我要與其他人分享這些事情。

This was Fabian Monrose's lab

這是Fabian Monrose

at the University of North Carolina, and what they did was

在北卡羅萊納大學的實驗室，

something intuitive once you see it,

他們研究的是你看到的直觀的普通事物，

but kind of surprising.

但結果是令人驚訝的。

They videotaped people on a bus,

他們在公共汽車上對人進行錄影，

and then they post-processed the video.

然後進行後期處理。

What you see here in number one is a

你在這裏看到的第一個圖是在某個人

reflection in somebody's glasses of the smartphone

的眼鏡中反射的智慧手機在

that they're typing in.

打字的圖像

They wrote software to stabilize --

他們用軟體以穩定

even though they were on a bus

- 即使他們是在公共汽車上（來回晃動），

and maybe someone's holding their phone at an angle --

或者有人在一個角度拿著自己的手機

to stabilize the phone, process it, and

穩定電話圖像，處理圖像，然

you may know on your smartphone, when you type

後你可能知道了，在您的智慧手機上，

a password, the keys pop out a little bit, and they were able

當你輸入一個密碼，字母會彈出一會兒，

to use that to reconstruct what the person was typing,

然後他們就能用它來重建剛才輸入的資訊。

and had a language model for detecting typing.

並且他們有一個語言模型。

What was interesting is, by videotaping on a bus,

很有趣的是，通過在公共汽車上錄影，

they were able to produce exactly what people

他們能夠精確地得知人們在他們的

on their smartphones were typing,

智慧手機打的字，

and then they had a surprising result, which is that