ABOUT THE SPEAKER
Avi Rubin - Computer security expert
Avi Rubin is a professor of computer science and director of the Health and Medical Security Lab at Johns Hopkins University. His research is focused on the security of electronic records -- including medical and voting records.

Why you should listen

Along with running the Health and Medical Security Lab, Avi Rubin is also the technical director of the JHU Information Security Institute. From 1997 to 2002, Avi was a researcher in AT&T’s Secure Systems Department, where he focused on cryptography and network security. He is also the founder of Harbor Labs, which provides expert testimony and review in legal cases related to high tech security. Avi has authored several books related to electronic security, including Brave New Ballot, published in 2006.

More profile about the speaker
Avi Rubin | Speaker | TED.com
TEDxMidAtlantic

Avi Rubin: All your devices can be hacked

Avi Rubin: 你所有的設備都能被黑客入侵

Filmed:
1,251,015 views

他人能入侵你的心臟起搏器嗎?在 TEDxMidAtlantic 上,Avi Rubin 解釋了駭客們如何使我們的汽車、智慧手機和醫療設備淪陷,並警告在駭客所能接觸的領域中,我們日益增長的危險。(錄製於 TEDxMidAtlantic)
- Computer security expert
Avi Rubin is a professor of computer science and director of the Health and Medical Security Lab at Johns Hopkins University. His research is focused on the security of electronic records -- including medical and voting records. Full bio

Double-click the English transcript below to play the video.

00:12
I'm a computer電腦 science科學 professor教授,
0
588
3031
我是一名計算機科學教授,
00:15
and my area of expertise專門知識 is
1
3619
2313
我的專業領域是
00:17
computer電腦 and information信息 security安全.
2
5932
2199
計算機與資訊安全。
00:20
When I was in graduate畢業 school學校,
3
8131
2320
我在研究所的時候,
00:22
I had the opportunity機會 to overhear偷聽 my grandmother祖母
4
10451
2601
有一次碰巧聽到我的祖母
00:25
describing說明 to one of her fellow同伴 senior前輩 citizens公民
5
13052
4134
跟她一位年長的朋友
00:29
what I did for a living活的.
6
17186
2369
聊到我的工作。
00:31
Apparently顯然地, I was in charge收費 of making製造 sure that
7
19555
3562
我的工作顯然是在確保
00:35
no one stole偷了 the computers電腦 from the university大學. (Laughter笑聲)
8
23117
3900
大學裡面的電腦不會被人偷走。(笑聲)
00:39
And, you know, that's a perfectly完美 reasonable合理 thing
9
27017
2744
她會這麼想也不讓人意外,
00:41
for her to think, because I told her I was working加工
10
29761
1920
因為我告訴她
00:43
in computer電腦 security安全,
11
31681
1507
我的工作是關於計算機安全,
00:45
and it was interesting有趣 to get her perspective透視.
12
33188
3597
她的聯想力真的很有意思。
00:48
But that's not the most ridiculous荒謬 thing I've ever heard聽說
13
36785
2617
但是,這還不是別人對我的工作的解釋
00:51
anyone任何人 say about my work.
14
39402
2017
最好笑的一個。
00:53
The most ridiculous荒謬 thing I ever heard聽說 is,
15
41419
2284
我聽過最好笑的一次是,
00:55
I was at a dinner晚餐 party派對, and a woman女人 heard聽說
16
43703
3134
在一次晚宴上,
00:58
that I work in computer電腦 security安全,
17
46837
1783
一位女士聽到我是從事計算機安全的,
01:00
and she asked me if -- she said her computer電腦 had been
18
48620
3517
於是她向我諮詢,她說她的電腦中毒了,
01:04
infected感染 by a virus病毒, and she was very concerned關心 that she
19
52137
3436
她非常擔心她可能會生病,
01:07
might威力 get sick生病 from it, that she could get this virus病毒. (Laughter笑聲)
20
55573
3951
因為她可能會感染同樣的病毒。(笑聲)
01:11
And I'm not a doctor醫生, but I reassured放心 her
21
59524
2943
我不是醫生,但是我向她保證
01:14
that it was very, very unlikely不會 that this would happen發生,
22
62467
3144
這個可能性微乎其微,
01:17
but if she felt more comfortable自在, she could be free自由 to use
23
65611
2801
但是如果她還是不放心,
01:20
latex膠乳 gloves手套 when she was on the computer電腦,
24
68412
1848
可以在使用電腦的時候戴上橡膠手套,
01:22
and there would be no harm危害 whatsoever任何 in that.
25
70260
3392
這樣就肯定萬無一失了。
01:25
I'm going to get back to this notion概念 of being存在 able能夠 to get
26
73652
2507
言歸正傳,接下來我要認真地
01:28
a virus病毒 from your computer電腦, in a serious嚴重 way.
27
76159
3508
談談如何避免電腦病毒。
01:31
What I'm going to talk to you about today今天
28
79667
1640
我今天要跟你們聊的是有關
01:33
are some hacks黑客, some real真實 world世界 cyberattacks網絡攻擊 that people
29
81307
4846
在我所從事的研究領域中
01:38
in my community社區, the academic學術的 research研究 community社區,
30
86153
2554
發生的一些駭客及網路攻擊問題,
01:40
have performed執行, which哪一個 I don't think
31
88707
2794
我相信這些是
01:43
most people know about,
32
91501
1208
大部分人都不了解的,
01:44
and I think they're very interesting有趣 and scary害怕,
33
92709
3028
並且我認為這些是既有意思又讓人害怕的,
01:47
and this talk is kind of a greatest最大 hits點擊
34
95737
2441
而這次談話的內容
01:50
of the academic學術的 security安全 community's社區 hacks黑客.
35
98178
2991
就是關於安全領域的經典案例。
01:53
None沒有 of the work is my work. It's all work
36
101169
1987
這些事情不是發生在我身上。
01:55
that my colleagues同事 have doneDONE, and I actually其實 asked them
37
103156
2174
這些都是我同事做的研究,而我請他們
01:57
for their slides幻燈片 and incorporated合併 them into this talk.
38
105330
2557
提供一些資料加到這次談話中。
01:59
So the first one I'm going to talk about
39
107887
1742
接下來首先我要講的是
02:01
are implanted植入 medical devices設備.
40
109629
2674
體內植入醫療設備。
02:04
Now medical devices設備 have come a long way technologically技術.
41
112303
3040
現在的醫療設備已經在技術方面發展了很多年。
02:07
You can see in 1926 the first pacemaker起搏器 was invented發明.
42
115343
3856
大家從螢幕上可以看到
在1926年,第一個外置心臟起搏器被發明。
02:11
1960, the first internal內部 pacemaker起搏器 was implanted植入,
43
119199
3552
1960年第一個內置起搏器被植入人體,
02:14
hopefully希望 a little smaller than that one that you see there,
44
122751
2552
如大家所願這個東西體積減少了很多,
02:17
and the technology技術 has continued繼續 to move移動 forward前鋒.
45
125303
2968
並且技術還在不斷的進步。
02:20
In 2006, we hit擊中 an important重要 milestone里程碑 from the perspective透視
46
128271
4633
到2006年,從電腦安全角度來說
02:24
of computer電腦 security安全.
47
132904
3167
我們達到了一個重要的里程碑
02:28
And why do I say that?
48
136071
1341
為什麼為這麼說?
02:29
Because that's when implanted植入 devices設備 inside of people
49
137412
2890
因為這時候人體內置的設備
02:32
started開始 to have networking聯網 capabilities功能.
50
140302
2745
開始具備聯網功能。
02:35
One thing that brings帶來 us close to home is we look
51
143047
1880
Dick Cheney的設備可以讓我們更好的理解這一點,
02:36
at Dick迪克 Cheney's切尼 device設備, he had a device設備 that
52
144927
2705
Dick Cheney的設備可以讓我們更好的理解這一點,
02:39
pumped blood血液 from an aorta大動脈 to another另一個 part部分 of the heart,
53
147632
3869
這個設備負責將血液從一個大動脈
輸送到心臟的另一個腔體,
02:43
and as you can see at the bottom底部 there,
54
151501
1183
就像你看到的,圖中的底部,
02:44
it was controlled受控 by a computer電腦 controller調節器,
55
152684
3009
一個電腦控制器控制著整個設備,
02:47
and if you ever thought that software軟件 liability責任
56
155693
2517
如果你認爲這個軟體控制很重要
02:50
was very important重要, get one of these inside of you.
57
158210
3589
你可以自己裝一個。
02:53
Now what a research研究 team球隊 did was they got their hands
58
161799
3695
現在一個研究小組手頭上的工作
02:57
on what's called an ICDICD.
59
165494
1420
是研究一個稱為ICD的設備。
(ICD,植入式心臟去顫器)
02:58
This is a defibrillator除顫器, and this is a device設備
60
166914
2070
這是一個心律去顫器,植入人體後
03:00
that goes into a person to control控制 their heart rhythm韻律,
61
168984
4336
控制自己的心臟節律,
03:05
and these have saved保存 many許多 lives生活.
62
173320
2338
已經挽救了許多人的生命。
03:07
Well, in order訂購 to not have to open打開 up the person
63
175658
2472
為了不對人進行重新手術
03:10
every一切 time you want to reprogram重新編程 their device設備
64
178130
2194
就可以每次重新設定他們的設備,
03:12
or do some diagnostics診斷 on it, they made製作 the thing be able能夠
65
180324
2455
或者做一些診斷,這個設備能夠進行無線通訊,
03:14
to communicate通信 wirelessly無線, and what this research研究 team球隊 did
66
182779
3102
而這個研究小組所做的是
03:17
is they reverse相反 engineered工程 the wireless無線 protocol協議,
67
185881
2610
他們逆向工程無線協定,
03:20
and they built內置 the device設備 you see pictured合照 here,
68
188491
1872
做了個小設備,你在這裏看得到,
03:22
with a little antenna天線, that could talk the protocol協議
69
190363
2760
帶一個小的天線,會使用協定和ICD通信,
03:25
to the device設備, and thus從而 control控制 it.
70
193123
4475
從而控制它。
03:29
In order訂購 to make their experience經驗 real真實 -- they were unable無法
71
197598
2689
為了使他們的實驗更真實
03:32
to find any volunteers志願者, and so they went
72
200287
2472
-由於他們無法找到任何的志願者-於是他們找到了一些
03:34
and they got some ground地面 beef牛肉 and some bacon培根
73
202759
2144
碎牛肉和一些臘肉,
03:36
and they wrapped包裹 it all up to about the size尺寸
74
204903
1788
包成該設備將去的人體部位的大小,
03:38
of a human人的 being's是的 area where the device設備 would go,
75
206691
2798
包成該設備將去的人體部位的大小,
03:41
and they stuck卡住 the device設備 inside it
76
209489
1454
然後把設備塞進去來做實驗,
03:42
to perform演出 their experiment實驗 somewhat有些 realistically現實.
77
210943
3132
為了使實驗更加接近真實情況。
03:46
They launched推出 many許多, many許多 successful成功 attacks攻擊.
78
214075
3020
他們完成了許多許多次成功的攻擊。
03:49
One that I'll highlight突出 here is changing改變 the patient's耐心 name名稱.
79
217095
3056
在這裏我還是要強調的是改變病人的名字。
03:52
I don't know why you would want to do that,
80
220151
993
我不知道你為什麼會想這樣做,
03:53
but I sure wouldn't不會 want that doneDONE to me.
81
221144
2104
但我肯定不會想,這樣的事發生在我身上。
03:55
And they were able能夠 to change更改 therapies治療,
82
223248
2331
他們能夠改變的治療方法,
03:57
including包含 disabling禁用 the device設備 -- and this is with a real真實,
83
225579
2495
包括停用此設備 --這是一個真正的,
04:00
commercial廣告, off-the-shelf現成的 device設備 --
84
228074
1896
商業的,現成的設備
04:01
simply只是 by performing執行 reverse相反 engineering工程 and sending發出
85
229970
2046
只需通過執行逆向工程和發送
04:04
wireless無線 signals信號 to it.
86
232016
2989
無線信號就能控制它。可怕吧?
04:07
There was a piece on NPR美國國家公共電台 that some of these ICDs心臟除顫器
87
235005
3580
NPR上有個片段講的是有些ICD
04:10
could actually其實 have their performance性能 disrupted破壞
88
238585
2422
的功能竟然會被干擾,
04:13
simply只是 by holding保持 a pair of headphones頭戴耳機 onto them.
89
241007
3651
只要簡單地把一對耳機放到它上面就發生了。
04:16
Now, wireless無線 and the Internet互聯網
90
244658
1409
現在,無線和網路可以
04:18
can improve提高 health健康 care關心 greatly非常.
91
246067
1652
大大提高醫療水準。
04:19
There's several一些 examples例子 up on the screen屏幕
92
247719
2087
在螢幕上有幾個例子,
04:21
of situations情況 where doctors醫生 are looking to implant注入 devices設備
93
249806
3107
醫生正在植入設備到人體,
04:24
inside of people, and all of these devices設備 now,
94
252913
2865
而其所有的這些設備現在
04:27
it's standard標準 that they communicate通信 wirelessly無線,
95
255778
3125
標準化了,之間可以互相進行無線通訊,
04:30
and I think this is great,
96
258903
1412
我認為這是很好的,
04:32
but without a full充分 understanding理解 of trustworthy可靠 computing計算,
97
260315
3105
但沒有一個對可信任計算的完全理解,
04:35
and without understanding理解 what attackers攻擊者 can do
98
263420
2407
沒有意識到攻擊者可以做什麼
04:37
and the security安全 risks風險 from the beginning開始,
99
265827
2147
和安全風險從一開始就存在的話,
04:39
there's a lot of danger危險 in this.
100
267974
2390
這就有很多危險了。
04:42
Okay, let me shift轉移 gears齒輪 and show顯示 you another另一個 target目標.
101
270364
1477
好吧,讓我換個話題,告訴你另一個目標
04:43
I'm going to show顯示 you a few少數 different不同 targets目標 like this,
102
271841
2088
接下來我要告訴你幾個不同的目標,
04:45
and that's my talk. So we'll look at automobiles汽車.
103
273929
2917
這就是我的談話。所以,我們來看看汽車吧。
04:48
This is a car汽車, and it has a lot of components組件,
104
276846
2896
這是一輛汽車,現在它有很多零部件,
04:51
a lot of electronics電子產品 in it today今天.
105
279742
1620
很多的電子產品。
04:53
In fact事實, it's got many許多, many許多 different不同 computers電腦 inside of it,
106
281362
4377
事實上,它有很多,很多不同的電腦在裏面,
04:57
more Pentiums奔騰 than my lab實驗室 did when I was in college學院,
107
285739
3155
比我當年在大學的實驗室更多的處理器,
05:00
and they're connected連接的 by a wired有線 network網絡.
108
288894
3639
他們通過有線網路連接。
05:04
There's also a wireless無線 network網絡 in the car汽車,
109
292533
3431
而且在車上還有一個無線網路,
05:07
which哪一個 can be reached到達 from many許多 different不同 ways方法.
110
295964
3233
它可以從許多不同的方式接入。
05:11
So there's Bluetooth藍牙, there's the FM調頻 and XMXM radio無線電,
111
299197
3701
有藍牙, FM和XM廣播,
05:14
there's actually其實 wi-fi無線上網, there's sensors傳感器 in the wheels車輪
112
302898
2820
有的竟然還有Wi-Fi ,輪胎上的感測器
05:17
that wirelessly無線 communicate通信 the tire pressure壓力
113
305718
2153
通過無線通信將氣壓值傳送給
05:19
to a controller調節器 on board.
114
307871
1806
主板上的控制器。
05:21
The modern現代 car汽車 is a sophisticated複雜的 multi-computer多計算機 device設備.
115
309677
4918
當今的汽車是一個複雜的多電腦設備。
05:26
And what happens發生 if somebody wanted to attack攻擊 this?
116
314595
3322
那麼如果有人想攻擊它會發生什麼呢?
05:29
Well, that's what the researchers研究人員
117
317917
1317
嗯,這就是我今天要談的
05:31
that I'm going to talk about today今天 did.
118
319234
1871
研究人員已經實現了什麼。
05:33
They basically基本上 stuck卡住 an attacker攻擊者 on the wired有線 network網絡
119
321105
2977
他們在有線網路和無線網路上放置了
05:36
and on the wireless無線 network網絡.
120
324082
2322
攻擊設備。
05:38
Now, they have two areas they can attack攻擊.
121
326404
2699
現在,他們有兩個區域可以攻擊。
05:41
One is short-range短距離 wireless無線, where you can actually其實
122
329103
2038
一個是短距離無線通訊,
05:43
communicate通信 with the device設備 from nearby附近,
123
331141
1781
在這裏你可以與附近的設備進行通信,
05:44
either through通過 Bluetooth藍牙 or wi-fi無線上網,
124
332922
2137
通過藍牙或Wi-Fi。
05:47
and the other is long-range長距離, where you can communicate通信
125
335059
2174
另一種是遠距離無線通訊,
05:49
with the car汽車 through通過 the cellular細胞的 network網絡,
126
337233
1782
通過蜂窩網路
05:51
or through通過 one of the radio無線電 stations.
127
339015
1960
或通過一個廣播電臺。
05:52
Think about it. When a car汽車 receives收到 a radio無線電 signal信號,
128
340975
3049
想像一下,當一輛車接收無線電信號時,
05:56
it's processed處理 by software軟件.
129
344024
2201
信號交給軟體處理。
05:58
That software軟件 has to receive接收 and decode解碼 the radio無線電 signal信號,
130
346225
3061
該軟體接收和解碼無線電信號,
06:01
and then figure數字 out what to do with it,
131
349286
1119
然後確定如何處理,
06:02
even if it's just music音樂 that it needs需求 to play on the radio無線電,
132
350405
3024
即使它只是音樂信號,也要交給收音機去播放,
06:05
and that software軟件 that does that decoding解碼,
133
353429
2268
如果這個解碼軟體有
06:07
if it has any bugs蟲子 in it, could create創建 a vulnerability漏洞
134
355697
3093
任何的漏洞,那麼就成為有人破解車的
06:10
for somebody to hack the car汽車.
135
358790
3035
攻擊點。
06:13
The way that the researchers研究人員 did this work is,
136
361825
2952
研究人員做這項工作的方式是
06:16
they read the software軟件 in the computer電腦 chips芯片
137
364777
4223
他們從車載電腦中讀出軟體,
06:21
that were in the car汽車, and then they used sophisticated複雜的
138
369000
3193
然後他們用先進
06:24
reverse相反 engineering工程 tools工具
139
372193
1414
的逆向工程工具
06:25
to figure數字 out what that software軟件 did,
140
373607
2055
弄清楚軟體做了什麼,
06:27
and then they found發現 vulnerabilities漏洞 in that software軟件,
141
375662
3041
然後他們發現該軟體中的漏洞,
06:30
and then they built內置 exploits戰功 to exploit利用 those.
142
378703
3346
然後他們利用這些漏洞建立了一些開拓工具。
06:34
They actually其實 carried攜帶的 out their attack攻擊 in real真實 life.
143
382049
2382
他們在實際環境下進行他們的攻擊實驗。
06:36
They bought two cars汽車, and I guess猜測
144
384431
1350
他們買了兩輛車,我想
06:37
they have better budgets預算 than I do.
145
385781
2918
他們有比我更好的預算。
06:40
The first threat威脅 model模型 was to see what someone有人 could do
146
388699
2590
第一個威脅模型是看
06:43
if an attacker攻擊者 actually其實 got access訪問
147
391289
2144
如果一個攻擊者獲得到
06:45
to the internal內部 network網絡 on the car汽車.
148
393433
2053
內部網路的連接,他可以做什麼
06:47
Okay, so think of that as, someone有人 gets得到 to go to your car汽車,
149
395486
2603
嗯,大家這樣想一下,有人進到你的車裏,
06:50
they get to mess食堂 around with it, and then they leave離開,
150
398089
2904
把裏面的設備搞得一團糟,然後他們離開,
06:52
and now, what kind of trouble麻煩 are you in?
151
400993
2368
而現在,你陷入了什麼樣的麻煩?
06:55
The other threat威脅 model模型 is that they contact聯繫 you
152
403361
2792
另一個威脅模型是,
06:58
in real真實 time over one of the wireless無線 networks網絡
153
406153
2457
他們通過無線網路,
07:00
like the cellular細胞的, or something like that,
154
408610
2055
如蜂窩電話,或類似的東西,即時地與您和車搭上線,
07:02
never having actually其實 gotten得到 physical物理 access訪問 to your car汽車.
155
410665
4000
但從來沒有通過物理方式接觸你的車。
07:06
This is what their setup建立 looks容貌 like for the first model模型,
156
414665
2824
這就是看起來像第一種模式的設備,
07:09
where you get to have access訪問 to the car汽車.
157
417489
1683
需要進入車內。
07:11
They put a laptop筆記本電腦, and they connected連接的 to the diagnostic診斷 unit單元
158
419172
3387
他們放置一台筆記本電腦,
並連接車內網路的診斷模組,
07:14
on the in-car在車裡 network網絡, and they did all kinds of silly愚蠢 things,
159
422559
2939
然後他們做了各種愚蠢的事情,
07:17
like here's這裡的 a picture圖片 of the speedometer車速表
160
425498
2783
就像這張圖片,車速里程表
07:20
showing展示 140 miles英里 an hour小時 when the car's汽車 in park公園.
161
428281
2816
顯示140公里的時速,但是汽車實際上是在駐車狀態。
07:23
Once一旦 you have control控制 of the car's汽車 computers電腦,
162
431097
2373
一旦你擁有汽車電腦的控制,
07:25
you can do anything.
163
433470
919
你可以做任何事情。
07:26
Now you might威力 say, "Okay, that's silly愚蠢."
164
434389
1616
現在,你可能會說: “噢,這太愚蠢了。”
07:28
Well, what if you make the car汽車 always say
165
436005
1659
那麼,如果您的車總顯示20英里的時速,
07:29
it's going 20 miles英里 an hour小時 slower比較慢 than it's actually其實 going?
166
437664
2741
比它實際的速度低,這會怎麼樣?
07:32
You might威力 produce生產 a lot of speeding超速 tickets門票.
167
440405
2542
您可能會產生大量超速行駛的罰單。
07:34
Then they went out to an abandoned airstrip簡易機場 with two cars汽車,
168
442947
3856
然後,他們帶了兩輛車去了一個廢棄的飛機跑道,
07:38
the target目標 victim受害者 car汽車 and the chase car汽車,
169
446803
2745
目標受害車和主動攻擊車,
07:41
and they launched推出 a bunch of other attacks攻擊.
170
449548
2746
然後他們實施了一堆其他的攻擊。
07:44
One of the things they were able能夠 to do from the chase car汽車
171
452294
2766
從攻擊車裏他們能夠做到的事情之一
07:47
is apply應用 the brakes剎車 on the other car汽車,
172
455060
1974
是操作另一輛汽車的刹車,
07:49
simply只是 by hacking黑客 the computer電腦.
173
457034
1560
只需通過入侵該車的電腦。
07:50
They were able能夠 to disable禁用 the brakes剎車.
174
458594
2431
他們可以禁用制動器。
07:53
They also were able能夠 to install安裝 malware惡意軟件 that wouldn't不會 kick in
175
461025
3178
他們還能夠安裝惡意軟體,
07:56
and wouldn't不會 trigger觸發 until直到 the car汽車 was doing something like
176
464203
2425
通常情況下這個軟體不會被觸發,直至如車輛
07:58
going over 20 miles英里 an hour小時, or something like that.
177
466628
3746
時速超過每小時20英里,或類似的情況。
08:02
The results結果 are astonishing驚人, and when they gave this talk,
178
470374
2758
結果是驚人的,而當他們進行公開講座時,
08:05
even though雖然 they gave this talk at a conference會議
179
473132
1716
即使他們的講座的觀眾是
08:06
to a bunch of computer電腦 security安全 researchers研究人員,
180
474848
1726
一堆的電腦安全研究人員,
08:08
everybody每個人 was gasping喘氣.
181
476574
1700
每個人都倒抽一口涼氣。
08:10
They were able能夠 to take over a bunch of critical危急 computers電腦
182
478274
3699
他們能夠接管車內一堆的關鍵電腦:
08:13
inside the car汽車: the brakes剎車 computer電腦, the lighting燈光 computer電腦,
183
481973
3761
如刹車電腦,照明電腦,
08:17
the engine發動機, the dash短跑, the radio無線電, etc等等.,
184
485734
2827
發動機電腦,儀錶電腦,無線電電腦等,
08:20
and they were able能夠 to perform演出 these on real真實 commercial廣告
185
488561
2293
他們是能夠執行這些惡意程式
在他們購買的市場上
08:22
cars汽車 that they purchased購買 using運用 the radio無線電 network網絡.
186
490854
3027
已有的商用汽車上,通過使用無線網路。
08:25
They were able能夠 to compromise妥協 every一切 single one of the
187
493881
3003
他們能夠攻擊車上每一個
08:28
pieces of software軟件 that controlled受控 every一切 single one
188
496884
2466
帶有無線功能的模組軟體
08:31
of the wireless無線 capabilities功能 of the car汽車.
189
499350
3015
的任何一部分。
08:34
All of these were implemented實施 successfully順利.
190
502365
2513
所有這些都已成功實施。
08:36
How would you steal a car汽車 in this model模型?
191
504878
2352
在這個模型中,你會如何偷一輛車?
08:39
Well, you compromise妥協 the car汽車 by a buffer緩衝 overflow溢出
192
507230
3680
好了,你可以通過車載軟體的緩衝區溢出漏洞
08:42
of vulnerability漏洞 in the software軟件, something like that.
193
510910
2527
來攻擊,或者類似的東西。
08:45
You use the GPS全球定位系統 in the car汽車 to locate定位 it.
194
513437
2203
您使用車裏的GPS來定位它。
08:47
You remotely遠程 unlock開鎖 the doors through通過 the computer電腦
195
515640
2195
您通過電腦控制遠端解鎖,
08:49
that controls控制 that, start開始 the engine發動機, bypass旁路 anti-theft防小偷,
196
517835
3138
啟動引擎,繞過防盜系統,
08:52
and you've got yourself你自己 a car汽車.
197
520973
1668
然後你就為自己搞到一輛車。
08:54
Surveillance監控 was really interesting有趣.
198
522641
2487
監控這個過程是非常有趣的。
08:57
The authors作者 of the study研究 have a video視頻 where they show顯示
199
525128
3209
這項研究的作者有一個視頻在那裏展示
09:00
themselves他們自己 taking服用 over a car汽車 and then turning車削 on
200
528337
2549
他們自己入侵了汽車,
09:02
the microphone麥克風 in the car汽車, and listening in on the car汽車
201
530886
2761
然後打開車裏的麥克風,並進行監聽,
09:05
while tracking追踪 it via通過 GPS全球定位系統 on a map地圖,
202
533647
3351
同時通過GPS在地圖上跟蹤它
09:08
and so that's something that the drivers司機 of the car汽車
203
536998
1713
還做了一些類似的事情,但汽車裏的駕駛員
09:10
would never know was happening事件.
204
538711
2168
永遠也不會知道發生了什麼。
09:12
Am I scaring驚嚇 you yet然而?
205
540879
2134
我嚇著你了嗎?
09:15
I've got a few少數 more of these interesting有趣 ones那些.
206
543013
1943
我還有有幾個這些有趣的例子。
09:16
These are ones那些 where I went to a conference會議,
207
544956
1833
我有一次去參加一個會議,
09:18
and my mind心神 was just blown, and I said,
208
546789
1933
然後我完全被驚呆了,
09:20
"I have to share分享 this with other people."
209
548722
1826
然後我說:“我要與其他人分享這些事情。
09:22
This was Fabian法比安 Monrose'sMonrose的 lab實驗室
210
550548
1623
這是Fabian Monrose
09:24
at the University大學 of North Carolina卡羅來納州, and what they did was
211
552171
3456
在北卡羅萊納大學的實驗室,
09:27
something intuitive直觀的 once一旦 you see it,
212
555627
2075
他們研究的是你看到的直觀的普通事物,
09:29
but kind of surprising奇怪.
213
557702
1714
但結果是令人驚訝的。
09:31
They videotaped錄像 people on a bus總線,
214
559416
2259
他們在公共汽車上對人進行錄影,
09:33
and then they post-processed後處理 the video視頻.
215
561675
2840
然後進行後期處理。
09:36
What you see here in number one is a
216
564515
2463
你在這裏看到的第一個圖是在某個人
09:38
reflection反射 in somebody's某人的 glasses眼鏡 of the smartphone手機
217
566978
4383
的眼鏡中反射的智慧手機在
09:43
that they're typing打字 in.
218
571361
1425
打字的圖像
09:44
They wrote software軟件 to stabilize穩定 --
219
572786
1975
他們用軟體以穩定
09:46
even though雖然 they were on a bus總線
220
574761
1365
- 即使他們是在公共汽車上(來回晃動),
09:48
and maybe someone's誰家 holding保持 their phone電話 at an angle角度 --
221
576126
3211
或者有人在一個角度拿著自己的手機
09:51
to stabilize穩定 the phone電話, process處理 it, and
222
579337
2370
穩定電話圖像,處理圖像,然
09:53
you may可能 know on your smartphone手機, when you type類型
223
581707
1885
後你可能知道了,在您的智慧手機上,
09:55
a password密碼, the keys按鍵 pop流行的 out a little bit, and they were able能夠
224
583592
2939
當你輸入一個密碼,字母會彈出一會兒,
09:58
to use that to reconstruct重建 what the person was typing打字,
225
586531
2840
然後他們就能用它來重建剛才輸入的資訊。
10:01
and had a language語言 model模型 for detecting檢測 typing打字.
226
589371
4321
並且他們有一個語言模型。
10:05
What was interesting有趣 is, by videotaping偷拍 on a bus總線,
227
593692
2335
很有趣的是,通過在公共汽車上錄影,
10:08
they were able能夠 to produce生產 exactly究竟 what people
228
596027
2129
他們能夠精確地得知人們在他們的
10:10
on their smartphones智能手機 were typing打字,
229
598156
2151
智慧手機打的字,
10:12
and then they had a surprising奇怪 result結果, which哪一個 is that
230
600307
2260
然後他們有一個驚人的結果,
10:14
their software軟件 had not only doneDONE it for their target目標,
231
602567
2764
軟體不僅完成對目標的監控分析,
10:17
but other people who accidentally偶然 happened發生
232
605331
1403
而且也把碰巧出現在
10:18
to be in the picture圖片, they were able能夠 to produce生產
233
606734
2086
圖像中的其他人
10:20
what those people had been typing打字, and that was kind of
234
608820
2727
的打字輸入也分析出來了,
10:23
an accidental偶然 artifact神器 of what their software軟件 was doing.
235
611547
3617
這是他們的軟體的一個意外的收穫。
10:27
I'll show顯示 you two more. One is P25 radios收音機.
236
615164
4303
我再給展示兩個例子。一個是P25無線電通話機。
10:31
P25 radios收音機 are used by law enforcement強制
237
619467
2800
P25無線電通話機用於執法機構、
10:34
and all kinds of government政府 agencies機構
238
622267
3407
各種政府機構
10:37
and people in combat戰鬥 to communicate通信,
239
625674
1736
和民眾在戰鬥中的通話,
10:39
and there's an encryption加密 option選項 on these phones手機.
240
627410
2833
而且這些手機有個加密選項。
10:42
This is what the phone電話 looks容貌 like. It's not really a phone電話.
241
630243
2728
這是就是P25無線電通話機,這不是一個真正的電話。
10:44
It's more of a two-way雙向 radio無線電.
242
632971
1206
這是一個雙向無線電。
10:46
Motorola摩托羅拉 makes品牌 the most widely廣泛 used one, and you can see
243
634177
3322
使用得最廣泛的是由摩托羅拉所製造的,你可以看到,
10:49
that they're used by Secret秘密 Service服務, they're used in combat戰鬥,
244
637499
2649
特勤組織在使用它,他們在戰鬥中使用它,
10:52
it's a very, very common共同 standard標準 in the U.S. and elsewhere別處.
245
640148
3102
在美國和其他地方,這是一個非常普遍的標準裝備。
10:55
So one question the researchers研究人員 asked themselves他們自己 is,
246
643250
2305
因此,一個研究人員問自己的問題是,
10:57
could you block this thing, right?
247
645555
2704
你能否遮罩這個東西,對不對呢?
11:00
Could you run a denial-of-service拒絕服務,
248
648259
1583
你可以運行一個拒絕服務,
11:01
because these are first responders反應?
249
649842
1824
因為這個東西採用第一反應機制?
11:03
So, would a terrorist恐怖分子 organization組織 want to black黑色 out the
250
651666
1801
所以,在緊急情況下,一個恐怖組織會不糊黑掉
11:05
ability能力 of police警察 and fire to communicate通信 at an emergency?
251
653467
4488
員警和消防的通訊能力?
11:09
They found發現 that there's this GirlTechGirlTech device設備 used for texting發短信
252
657955
3072
他們發現有一個GirlTech公司的玩具可以用來發短信,
11:13
that happens發生 to operate操作 at the same相同 exact精確 frequency頻率
253
661027
2718
工作頻率和P25完全相同,
11:15
as the P25, and they built內置 what they called
254
663745
2271
於是他們就用這個東西建立了他們所稱的
11:18
My First Jammer干擾器. (Laughter笑聲)
255
666016
4334
“我的第一個干擾器”。(笑聲)
11:22
If you look closely密切 at this device設備,
256
670350
2378
如果你仔細觀察此設備
11:24
it's got a switch開關 for encryption加密 or cleartext明文.
257
672728
3630
它有一個開關,用於設定加密發送或明文發送。
11:28
Let me advance提前 the slide滑動, and now I'll go back.
258
676358
3050
讓我前進一下幻燈片,現在我回去。
11:31
You see the difference區別?
259
679408
2547
你看到其中的差別嗎?
11:33
This is plain text文本. This is encrypted加密.
260
681955
2557
這是純文本。這是加密的。
11:36
There's one little dot that shows節目 up on the screen屏幕,
261
684512
2557
有一個小點,顯示在螢幕上,
11:39
and one little tiny turn of the switch開關.
262
687069
2085
和一個小的轉換開關。
11:41
And so the researchers研究人員 asked themselves他們自己, "I wonder奇蹟 how
263
689154
1904
因此,研究人員問自己,
11:43
many許多 times very secure安全, important重要, sensitive敏感 conversations對話
264
691058
4257
“我不知道有多少次,非常機密的、重要的、敏感的對話
11:47
are happening事件 on these two-way雙向 radios收音機 where they forget忘記
265
695315
1623
發生在這些雙向無線電設備上,他們忘了加密
11:48
to encrypt加密 and they don't notice注意 that they didn't encrypt加密?"
266
696938
2910
並且他們沒有注意到在進行未加密的通話嗎?”
11:51
So they bought a scanner掃描器. These are perfectly完美 legal法律
267
699848
3339
於是,他們買了一台無線電掃描設備。這是完全合法的,
11:55
and they run at the frequency頻率 of the P25,
268
703187
3458
然後他們運行在P25的頻段上,
11:58
and what they did is they hopped跳上 around frequencies頻率
269
706645
1767
然後他們在附近的頻段上跳來跳去的掃描,
12:00
and they wrote software軟件 to listen in.
270
708412
2510
他們寫軟體監聽,
12:02
If they found發現 encrypted加密 communication通訊, they stayed
271
710922
2634
如果他們發現加密的通信
12:05
on that channel渠道 and they wrote down, that's a channel渠道
272
713556
1686
他們停留在該頻道上,記下來,這是一個
12:07
that these people communicate通信 in,
273
715242
1788
執法機構的人們在通話的頻道,
12:09
these law enforcement強制 agencies機構,
274
717030
1622
執法機構的人們在通話的頻道,
12:10
and they went to 20 metropolitan宗主 areas and listened聽了 in
275
718652
3391
然後他們去了20個大都市地區,在這些頻率上監聽。
12:14
on conversations對話 that were happening事件 at those frequencies頻率.
276
722043
3475
在這些頻率上監聽。
12:17
They found發現 that in every一切 metropolitan宗主 area,
277
725518
3239
他們發現,在每一個大都市區,
12:20
they would capture捕獲 over 20 minutes分鐘 a day
278
728757
2154
每天他們將捕獲超過20分鐘
12:22
of cleartext明文 communication通訊.
279
730911
2375
明文通信。
12:25
And what kind of things were people talking about?
280
733286
2000
人們在談論什麼樣的東西呢?
12:27
Well, they found發現 the names and information信息
281
735286
1484
嗯,他們發現了需要保密的報案人的名字和資訊。
12:28
about confidential機密 informants舉報人. They found發現 information信息
282
736770
2852
的名字和資訊。
12:31
that was being存在 recorded記錄 in wiretaps竊聽,
283
739622
2202
在監聽設備中記錄的資訊,
12:33
a bunch of crimes犯罪 that were being存在 discussed討論,
284
741824
2710
包括對一堆的犯罪進行的討論和
12:36
sensitive敏感 information信息.
285
744534
1162
其他敏感資訊。
12:37
It was mostly大多 law enforcement強制 and criminal刑事.
286
745696
3363
這主要是執法和刑事方面的。
12:41
They went and reported報導 this to the law enforcement強制
287
749059
1834
他們匿名了這些資訊後報給
12:42
agencies機構, after anonymizing匿名 it,
288
750893
2023
了執法機構,
12:44
and the vulnerability漏洞 here is simply只是 the user用戶 interface接口
289
752916
3000
這裏的脆弱性簡單來說在於用戶介面
12:47
wasn't good enough足夠. If you're talking
290
755916
1394
還不夠好。如果你在談論
12:49
about something really secure安全 and sensitive敏感, it should
291
757310
2816
什麼真正的安全和敏感的,
12:52
be really clear明確 to you that this conversation會話 is encrypted加密.
292
760126
3293
那麼這種談話必須是要加密的。
12:55
That one's那些 pretty漂亮 easy簡單 to fix固定.
293
763419
1886
這是很容易解決。
12:57
The last one I thought was really, really cool,
294
765305
1669
最後一個,我想是真的、真的很酷,
12:58
and I just had to show顯示 it to you, it's probably大概 not something
295
766974
2813
我這就把它展示給你,它可能不是那種
13:01
that you're going to lose失去 sleep睡覺 over
296
769787
1005
會讓你會失眠的東西,
13:02
like the cars汽車 or the defibrillators除顫器,
297
770792
1791
比如類似汽車電腦或心臟除顫器,
13:04
but it's stealing偷竊行為 keystrokes擊鍵.
298
772583
3023
但它可以偷按鍵資訊。
13:07
Now, we've我們已經 all looked看著 at smartphones智能手機 upside上邊 down.
299
775606
2747
現在,我們上下顛倒著看一下智慧手機。
13:10
Every一切 security安全 expert專家 wants to hack a smartphone手機,
300
778353
2190
每個安全專家想要攻擊一個智慧手機,
13:12
and we tend趨向 to look at the USBUSB port港口, the GPS全球定位系統 for tracking追踪,
301
780543
4612
都傾向於從USB埠、GPS跟蹤、
13:17
the camera相機, the microphone麥克風, but no one up till直到 this point
302
785155
3208
相機、麥克風,但沒有一個到現在為止
13:20
had looked看著 at the accelerometer加速度計.
303
788363
1580
看過加速計。
13:21
The accelerometer加速度計 is the thing that determines確定
304
789943
1647
加速度計的決定了智慧手機
13:23
the vertical垂直 orientation方向 of the smartphone手機.
305
791590
3494
在垂直方向的角度。
13:27
And so they had a simple簡單 setup建立.
306
795084
1417
因此,他們做了一個簡單的設置。
13:28
They put a smartphone手機 next下一個 to a keyboard鍵盤,
307
796501
2758
他們把智慧手機放到鍵盤的旁邊,
13:31
and they had people type類型, and then their goal目標 was
308
799259
2712
然後有人打字,然後他們的目標是
13:33
to use the vibrations振動 that were created創建 by typing打字
309
801971
2856
通過使用加速度計
13:36
to measure測量 the change更改 in the accelerometer加速度計 reading
310
804827
4240
測量打字產生的振動的讀數的變化,
13:41
to determine確定 what the person had been typing打字.
311
809067
3176
以確定打字內容。
13:44
Now, when they tried試著 this on an iPhone蘋果手機 3GSGS,
312
812243
2576
現在,當他們用iPhone 3GS嘗試這種方法時,
13:46
this is a graph圖形 of the perturbations擾動 that were created創建
313
814819
2769
打字會產生一個圖形的擾動,
13:49
by the typing打字, and you can see that it's very difficult
314
817588
3241
你可以看到,很難
13:52
to tell when somebody was typing打字 or what they were typing打字,
315
820829
3078
確認什麼時候人在打字和打字內容,
13:55
but the iPhone蘋果手機 4 greatly非常 improved改善 the accelerometer加速度計,
316
823907
3090
但在iPhone 4大大改善了加速度計,
13:58
and so the same相同 measurement測量
317
826997
3480
所以相同的測量動作
14:02
produced生成 this graph圖形.
318
830477
1832
產生了這個曲線圖。
14:04
Now that gave you a lot of information信息 while someone有人
319
832309
2486
現在這個圖給你了大量資訊,
14:06
was typing打字, and what they did then is used advanced高級
320
834795
3241
當有人打字的時候。接下來他們採用
14:10
artificial人造 intelligence情報 techniques技術 called machine learning學習
321
838036
3007
先進的人工智慧技術稱為機器學習
14:13
to have a training訓練 phase,
322
841043
1431
來進行訓練階段,
14:14
and so they got most likely容易 grad畢業 students學生們
323
842474
2236
所以他們叫來潛在的研究生們,
14:16
to type類型 in a whole整個 lot of things, and to learn學習,
324
844710
3789
輸入了一大堆的東西,去學習,
14:20
to have the system系統 use the machine learning學習 tools工具 that
325
848499
2768
使系統運用機器學習的工具,
14:23
were available可得到 to learn學習 what it is that the people were typing打字
326
851267
2863
瞭解人們輸入的內容,
14:26
and to match比賽 that up
327
854130
2827
然後去匹配
14:28
with the measurements測量 in the accelerometer加速度計.
328
856957
2477
加速度計的測量資料。
14:31
And then there's the attack攻擊 phase, where you get
329
859434
1635
再有就是攻擊階段,
14:33
somebody to type類型 something in, you don't know what it was,
330
861069
2811
一個人在那裏打字,你不知道他打的是什麼東西,
14:35
but you use your model模型 that you created創建
331
863880
1297
但你用你在訓練階段時的模型進行匹配,
14:37
in the training訓練 phase to figure數字 out what they were typing打字.
332
865177
3442
就可以弄清楚他們輸入內容。
14:40
They had pretty漂亮 good success成功. This is an article文章 from the USA美國 Today今天.
333
868619
3484
他們有相當高的成功率。
這是從“今日美國”的一篇文章。
14:44
They typed類型 in, "The Illinois伊利諾伊 Supreme最高 Court法庭 has ruled統治
334
872103
2609
他們鍵入“伊利諾州最高法院裁定,
14:46
that Rahm拉姆 Emanuel伊曼紐爾 is eligible合格 to run for Mayor市長 of Chicago芝加哥"
335
874712
2962
伊曼紐爾符合競選芝加哥市長的條件”
14:49
— see, I tied it in to the last talk —
336
877674
1354
看,我把它綁在最後一次談話
14:51
"and ordered有序 him to stay on the ballot選票."
337
879028
2118
“並命令他繼續競選”。
14:53
Now, the system系統 is interesting有趣, because it produced生成
338
881146
2771
現在,該系統很有趣,因為它生成了
14:55
"Illinois伊利諾伊 Supreme最高" and then it wasn't sure.
339
883917
2886
“伊利諾州最高法院” ,然後他就不確定了。
14:58
The model模型 produced生成 a bunch of options選項,
340
886803
1950
該模型產生了一堆的選項,
15:00
and this is the beauty美女 of some of the A.I. techniques技術,
341
888753
2709
這是AI技術的美妙之處,
15:03
is that computers電腦 are good at some things,
342
891462
2250
電腦在一些方面擅長,
15:05
humans人類 are good at other things,
343
893712
1534
人類在其他方面擅長,
15:07
take the best最好 of both and let the humans人類 solve解決 this one.
344
895246
1931
結合兩者的最優,讓人類解決這個問題。
15:09
Don't waste浪費 computer電腦 cycles週期.
345
897177
1382
不要浪費電腦的運算。
15:10
A human's人類 not going to think it's the Supreme最高 might威力.
346
898559
2136
一個人不會認為這是最高法院的威力。
15:12
It's the Supreme最高 Court法庭, right?
347
900695
1740
這是最高法院,對不對?
15:14
And so, together一起 we're able能夠 to reproduce複製 typing打字
348
902435
2530
所以,我們一起能夠簡單地
15:16
simply只是 by measuring測量 the accelerometer加速度計.
349
904965
2949
通過測量加速度計來重現輸入。
15:19
Why does this matter? Well, in the AndroidAndroid的 platform平台,
350
907914
3502
為什麼這個事情很重要呢?在Android平臺上,
15:23
for example, the developers開發商 have a manifest表現
351
911416
4133
例如,開發人員有一個設備清單,
15:27
where every一切 device設備 on there, the microphone麥克風, etc等等.,
352
915564
2584
每個設備都在上面,麥克風等,
15:30
has to register寄存器 if you're going to use it
353
918148
1956
如果你要使用它就必須註冊,
15:32
so that hackers黑客 can't take over it,
354
920104
2316
這樣駭客無法接管,
15:34
but nobody沒有人 controls控制 the accelerometer加速度計.
355
922420
3108
但沒有人控制加速度計。
15:37
So what's the point? You can leave離開 your iPhone蘋果手機 next下一個 to
356
925528
2216
那麼,這有什麼意義呢?你可以留下
你的iPhone到其他人的鍵盤旁邊,
15:39
someone's誰家 keyboard鍵盤, and just leave離開 the room房間,
357
927744
2106
然後離開房間,
15:41
and then later後來 recover恢復 what they did,
358
929850
1639
過一會回來就知道他們做了什麼,
15:43
even without using運用 the microphone麥克風.
359
931489
1711
甚至不使用麥克風
15:45
If someone有人 is able能夠 to put malware惡意軟件 on your iPhone蘋果手機,
360
933200
2174
如果有人能夠在你的iPhone上安裝惡意軟體,
15:47
they could then maybe get the typing打字 that you do
361
935374
2848
那麼也許他們可以得到你的打字內容,
15:50
whenever每當 you put your iPhone蘋果手機 next下一個 to your keyboard鍵盤.
362
938222
2321
當你打字時把iPhone放到鍵盤旁邊。
15:52
There's several一些 other notable顯著 attacks攻擊 that unfortunately不幸
363
940543
2271
還有其他幾個著名的攻擊,不過遺憾的是
15:54
I don't have time to go into, but the one that I wanted
364
942814
2131
我沒有時間給大家一一提到,但是,我想指出的是,
15:56
to point out was a group from the University大學 of Michigan密歇根州
365
944945
2277
美國密西根大學的一個小組已經能
15:59
which哪一個 was able能夠 to take voting表決 machines,
366
947222
2441
夠搞定投票機了,
16:01
the Sequoia紅杉 AVCAVC Edge邊緣 DREs銷毀去除率 that
367
949663
2498
Sequoia AVC Edge DRE,
16:04
were going to be used in New Jersey新澤西 in the election選舉
368
952161
1555
就是那種使用在新澤西州的選舉
16:05
that were left in a hallway門廳, and put Pac-Man吃豆人 on it.
369
953716
2161
留在走廊裏的機器。他們可以把Pac-Man遊戲機放上去。
16:07
So they ran the Pac-Man吃豆人 game遊戲.
370
955877
3623
他們運行Pac-Man遊戲。
16:11
What does this all mean?
371
959500
1747
這一切意味著什麼?
16:13
Well, I think that society社會 tends趨向 to adopt採用 technology技術
372
961247
3647
嗯,我認為社會趨向於快速採用新技術。
16:16
really quickly很快. I love the next下一個 coolest最酷 gadget小工具.
373
964894
2824
我愛最新最酷的小工具。
16:19
But it's very important重要, and these researchers研究人員 are showing展示,
374
967718
2614
但非常重要的是,在這些研究人員展示的例子中,
16:22
that the developers開發商 of these things
375
970332
1360
這些東西的開發人員
16:23
need to take security安全 into account帳戶 from the very beginning開始,
376
971692
2865
從一開始就要將安全因素考慮進去,
16:26
and need to realize實現 that they may可能 have a threat威脅 model模型,
377
974557
2785
並意識到,即使他們設計時
考慮到可能有一個威脅模型,
16:29
but the attackers攻擊者 may可能 not be nice不錯 enough足夠
378
977342
2462
但攻擊者可能沒有友善到
16:31
to limit限制 themselves他們自己 to that threat威脅 model模型,
379
979804
1777
將自己的行為限制在這個威脅模型中,
16:33
and so you need to think outside of the box.
380
981581
2537
所以你需要考慮出了這一個模型之外的所有威脅。
16:36
What we can do is be aware知道的
381
984118
1578
我們所能做的是請注意
16:37
that devices設備 can be compromised妥協,
382
985696
2479
設備可能會受到攻擊和損害,
16:40
and anything that has software軟件 in it
383
988175
1699
只要是含有軟體
16:41
is going to be vulnerable弱勢. It's going to have bugs蟲子.
384
989874
2649
它就容易受到攻擊, 它就會有缺陷。
16:44
Thank you very much. (Applause掌聲)
385
992523
3497
非常感謝你。 (掌聲)
Translated by tom tao
Reviewed by 文进 肖

▲Back to top

ABOUT THE SPEAKER
Avi Rubin - Computer security expert
Avi Rubin is a professor of computer science and director of the Health and Medical Security Lab at Johns Hopkins University. His research is focused on the security of electronic records -- including medical and voting records.

Why you should listen

Along with running the Health and Medical Security Lab, Avi Rubin is also the technical director of the JHU Information Security Institute. From 1997 to 2002, Avi was a researcher in AT&T’s Secure Systems Department, where he focused on cryptography and network security. He is also the founder of Harbor Labs, which provides expert testimony and review in legal cases related to high tech security. Avi has authored several books related to electronic security, including Brave New Ballot, published in 2006.

More profile about the speaker
Avi Rubin | Speaker | TED.com

Data provided by TED.

This site was created in May 2015 and the last update was on January 12, 2020. It will no longer be updated.

We are currently creating a new site called "eng.lish.video" and would be grateful if you could access it.

If you have any questions or suggestions, please feel free to write comments in your language on the contact form.

Privacy Policy

Developer's Blog

Buy Me A Coffee