GUY RAZ, HOST:
On the show today, ideas about the Power Of Networks, how those connections, those pathways define the world around us.
AVI RUBIN: Well, in my house, my doorbell is connected to my cell phone which is connected to my laptop which is connected to...
RAZ: This is computer scientist Avi Rubin.
RUBIN: ...The thermostat which is connected to the alarm system, and I can sit in my bathroom after I've taken a shower and before I've gotten dressed and pick up my phone and turn on the heat in my car. And then turn on the coffeemaker and the toaster.
RAZ: And we're all headed in this direction, right?
RUBIN: Yeah.
RAZ: I mean, our homes and our appliances - they are basically becoming extensions of us.
RUBIN: Yes. It's known as the internet of things, and all these devices are not only connected to each other, but they're connected to pretty much every other device on the Internet.
RAZ: So I should probably mention here that Avi's area of expertise is computer security which means he understands how all of this connectivity can also make us incredibly vulnerable.
Is everything that we own that's connected to the internet, can all of that in theory be hacked?
RUBIN: I would say that that's a fair assumption.
RAZ: That's totally crazy.
RUBIN: Yes.
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED REPORTER #1: If you had internet trouble this morning, you weren't alone. Hackers disrupted...
UNIDENTIFIED REPORTER #2: A series of cyber attacks today against the internet.
RAZ: You might remember this. It was a few months ago. Some of the biggest sites on the internet like Amazon and Google went down across large parts of the U.S.
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED REPORTER #3: The attacks began early this morning as websites from Twitter to Netflix...
RAZ: And that disruption was caused by an attack, an attack that actually began inside the internet of things, inside the devices we use every day.
RUBIN: Unbeknownst to us, hackers out there were able to put malicious software on these devices by taking advantage of bugs in the software when these things were manufactured.
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED WOMAN: Basically your everyday household things.
UNIDENTIFIED REPORTER #4: Experts say cheap, generic devices are usually the most susceptible...
UNIDENTIFIED WOMAN: Like routers, security cameras, DVRs...
RUBIN: So some attacker sent the command to all these devices at the same time saying attack.
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED REPORTER #5: The attacks focused on Dyn Inc., an internet switchboard for numerous major websites. The attacks continued throughout the day.
RUBIN: And so that attack was able to produce a situation where a lot of users were not able to communicate with some of the services that they rely on the most, like Twitter and Google and other sites. The service simply wasn't available.
RAZ: Just not available.
RUBIN: And it's not in most people's threat model.
RAZ: Yeah.
RUBIN: People don't say, well, I'll watch Netflix if it's available. They just say, I'm going to watch Netflix. You assume it's going to be there.
RAZ: OK, losing Netflix for a day or two - not the end of the world, right? But what Avi is worried about is that hackers can exploit our growing dependence on the internet of things to do some really serious damage, which he explained on the TED stage.
(SOUNDBITE OF TED TALK)
RUBIN: So let me talk about a couple of more interesting internet of things hacks. One of them is Samsung's new smart fridge, OK? Samsung realized that in order to know what's on your calendar, people don't want to have to pull out their phone or go look on their computer. They can just look on their fridge. And so they designed a smart fridge that you could log into with your Google credentials and see your calendar right there on your fridge. The only problem is the people that built that may not have had a lot of security training. And they don't validate the SSL certificates. For those of you that are not technical, trust me, that means bad stuff will happen.
(LAUGHTER)
RUBIN: And what you can do is if the certificates aren't validated, you can create a man-in-the-middle attack which will allow somebody to get the person's Gmail email, all the history of all of their email, and to log into their Gmail account, basically, because they have a smart fridge. Now, we've all seen these fitness trackers that are all the rage. Everybody is tracking their steps and their running and their health and their fitness. What I'm showing you here is a fitness tracker, one of the top models, that had a bug in the software. And it causes the sensors to sample way too much. And it injured this person.
Another device that is in the health and fitness space that I purchased was this blood pressure monitor. You use your iPhone, and then you can see - you know, say start and you can see your progress, et cetera. So I put this thing on and I activated it, and it started squeezing my arm. And it squeezed really, really hard. And I tend to be pretty claustrophobic, and I was starting to wonder if this thing was going to rip my arm off. I mean, it really, really, really hurt. So it didn't rip off my arm, fortunately, but I got a really scary reading. I was supposed to be dead in about three minutes based on my blood pressure reading when I did that.
And there are even things like implantable devices, like defibrillators that go right into a person, and those have connectivity to devices that can control them. And if you think about it, it makes sense, right? If somebody needs to change their defibrillator settings because their medical condition changed, you shouldn't have to cut the person open and do that if you can do it wirelessly. But at the same time, you have to design that system so that someone can't sit in, you know, Grand Central Station and put out wireless signals and have people dropping all around them because they just killed them.
RAZ: I mean, it seems like if you're a sophisticated hacker this is, like, a golden age because everybody is connected, everything around the world is connected, and more so every day. And we haven't even thought about what that means.
RUBIN: I think we're living in a honeymoon phase where we get most of the benefits of the internet without the hackers completely taking over and destroying all of this. But, you know, most people are not security specialists. And so they see software as an enabler. And you see more and more devices that you wouldn't normally consider to be smart or things that you would even want to be smart. You wonder, why would somebody make a smart one of those? And yet they do.
RAZ: Right. I mean, we were just hearing from Wanis Kabbaj and, I mean, he was saying how driverless cars could solve all these problems for us. And now I'm thinking, I mean, how vulnerable they would be to hacking, right? And not even driverless cars - all cars, the cars that are on the road today.
RUBIN: Well, some of that's already happened. There have been demonstrations - numerous demonstrations of being able to hack into cars, actual commercially deployed vehicles that people are driving, and getting them to break, getting them to run up to very high speeds, disabling the brakes. All of that can be done today.
RAZ: Avi Rubin will be back in just a moment to explain how pretty much any modern car can be hacked. On the show today, the Power Of Networks for good and for not so good. I'm Guy Raz, and you're listening to the TED Radio Hour from NPR.
(SOUNDBITE OF MUSIC)
RAZ: It's the TED Radio Hour from NPR. I'm Guy Raz. And on the show today, ideas about the Power Of Networks, the ones in the natural world and the ones we build for ourselves. And we were just hearing from computer science professor Avi Rubin about how so many of the things in our lives, even our cars, are networked, connected to the internet, which makes those things incredibly vulnerable to hackers.
(SOUNDBITE OF TED TALK)
RUBIN: This is a car, and it has a lot of components, a lot of electronics in it today. In fact, it's got many, many different computers inside of it, more Pentiums than my lab did when I was in college. And they're connected by a wired network. There's also a wireless network, which can be reached from many different ways. So there's Bluetooth. There's the FM and XM radio. There's actually Wi-Fi. There are sensors in the wheels that wirelessly communicate the tire pressure to a controller onboard.
And what happens if somebody wanted to attack this? Well, that's what the researchers that I'm going to talk about today did. They actually carried out their attack in real life. They bought two cars, and I guess they have better budgets than I do. The first threat model was to see what someone could do if an attacker actually got access to the internal network on the car, OK? So think of that as someone gets to go to your car, they get to mess around with it and then they leave. And now what kind of trouble are you in?
And so they connected to the diagnostic unit on the in-car network, and they did all kinds of silly things. Like, here's a picture of the speedometer showing 140 miles an hour when the car's in park. Now, you might say, OK, that's silly. Well, what if you make the car always say it's going 20 miles an hour slower than it's actually going? You might produce a lot of speeding tickets.
Then they went out to an abandoned airstrip with two cars, the target victim car and the chase car, and they launched a bunch of other attacks simply by hacking the computer. One of the things they were able to do from the chase car is apply the brakes on the other car. They were able to disable the brakes. They also were able to install malware that wouldn't kick in and wouldn't trigger until the car was doing something like going over 20 miles an hour or something like that.
They were able to compromise every single one of the pieces of software that controlled every single one of the wireless capabilities of the car. And when they gave this talk, even though they gave this talk at a conference to a bunch of computer security researchers, everybody was gasping. Am I scaring you yet?
(SOUNDBITE OF MUSIC)
RAZ: Yeah, this is pretty scary stuff. Like, has this actually happened in the real world? Like, have hackers been able to do this?
RUBIN: Well, so far, all of those have happened in the lab and they've happened by responsible people who have published their work. But the car companies are scrambling. I know, firsthand, that they are spending millions of dollars on security. And there has been research that's shown that the car manufacturers have a bit of a ways to go to get their cars to be secure against hackers.
RAZ: You're basically saying that we're in for a pretty dark period in the future.
RUBIN: Well, if I want to try to be optimistic, I would say that the security guys are going to come through. And I think that the way that we'll come through is we're going to have to change the internet infrastructure. We're going to have to change the way software is developed. Some of these changes are happening already but not as fast as the attacks are happening.
But once the attackers are able to regularly disable the internet, once we go two weeks without any connectivity whatsoever, by necessity, we will invent ways to communicate once again in a much more secure and protected way.
RAZ: You're saying that we, in our lifetimes, may witness weeks without the internet.
RUBIN: Yeah, I think we'll someday long for the days where we only had a few-hour outage of the internet.
RAZ: Is there any argument to be made that, like, maybe we should just put the genie back in the bottle, like, maybe we should unnetwork parts of our world?
RUBIN: I think the genie is out for good. I don't think there's any way to do that. Unfortunately, the bad guys might do that for us. But there's no way to impede progress. You can't, for example, propose that we eliminate electricity and not use electricity. And just as we can't go back to the days before electricity, we're never going to go back to the days before networks and connectivity.
(SOUNDBITE OF MUSIC)
RAZ: Avi Rubin is a professor of computer science at Johns Hopkins University. You can see his entire talk at ted.com.