  • Much of what happens at airports tends to feel vaguely illegal if not explicitly so.

  • After all, where else in the world can TSA agents grope you with abandon, baggage handlers

  • receive unrestricted access to your luggage or stores charge you prices so high there's

  • a good chance you'll come down with altitude sickness?

  • But on top of the over-the-top fees, underhanded luggage handlers, and handsy TSA agents, there's

  • yet another far less obvious threat you have to worry about at airports: the USB ports.

  • It turns out that the seemingly harmless activity of charging your smartphone at a public kiosk

  • can leave you vulnerable to cyber crime.

  • So what's the problem?

  • In a couple of words: "juice jacking."

  • "Speak English, doc, we ain't scientists!"

  • Now, juice jacking may sound like a particularly seductive way to squeeze an orange, but really,

  • it's a whole different kind of naughty.

  • How-to Geek explains that because your smartphones use the same USB cable for charging and transmitting

  • data, hackers can access information on your phone or upload malware via the USB port while

  • you're charging your device.

  • Hence, they're hijacking your phone as it replenishes its energy, or "juice".

  • And unfortunately, juice jacking isn't all that difficult or time-consuming for hackers

  • to do.

  • Speaking at a BlackHat security conference in 2016, researchers Billy Lau, YeongJin Jang,

  • and Chengyu Song described:

  • "We demonstrate how an iOS device can be compromised within one minute of being plugged into a

  • malicious charger.

  • We show how an attacker can hide their software in the same way Apple hides its own built-in

  • applications."

  • These three researchers had previously built a juice jacking device out of a small computer

  • known as a BeagleBoard, which can be purchased for as little as $45, showing just how easily

  • a sufficiently shrewd hacker could give themselves the means to get inside your phone.

  • Alarmingly, a BeagleBoard is just about small enough to fit right inside a USB hub or charging

  • dock.

  • To make matters worse, even after you've unplugged your device from the compromised cable, the

  • kiosk you just used to recharge your iPhone can retain a Wi-Fi connection with your disconnected

  • iOS device.

  • That means that once a hacker has gotten a foot in the door, they could potentially open

  • the electronic floodgates.

  • How-to Geek calls juice jacking "a largely theoretical threat" with "a very low" probability

  • of occurring at an airport kiosk you might use.

  • But the Vice President of X-Force Threat Intelligence at IBM Security, Caleb Barlow, has warned

  • that:

  • "Plugging into a public USB port is kind of like finding a toothbrush on the side of the

  • road and deciding to stick it in your mouth.

  • You have no idea where that thing has been."

  • To protect your phone from being broken into by malicious airside parties, Barlow recommends

  • investing in a device called a Juice-Jack Defender, which is a kind of protective dongle

  • you put in front of your charging cord.

  • Similarly, Harvard University's Bruce Schneier suggests using the so-called USB Condom when

  • charging your phone at airport kiosks.

  • Alternatively, you could pack a portable battery or personal charger, and avoid using the charging

  • kiosk altogether.

  • In case you take your chances with an airport kiosk and want to use protection, Krebs on

  • Security reviewed the Juice-Jack Defender and the USB Condom, both of which are designed

  • to thwart would-be juice jackers.

  • Describing the devices as "prophylactics," Krebs notes that both are equipped "with male

  • and female USB adapters at either end" and are functionally "indistinguishable" despite

  • "slight" differences in size, shape, and texture.

  • But that's not to say they're totally identical.

  • According to Krebs, the Juice-Jack Defender is a little smaller than the USB Condom, but

  • what it lacks in size, it makes up for in durability.

  • Meanwhile, however, the USB Condom seemed a bit more likely to stop working altogether.

  • So while these two devices do have a few minor differences, these seem to be mostly negligible,

  • and each should prove effective in ensuring that your phone won't come down with a nasty

  • virus next time you're hanging out at the airport.
