
Tuesday, 9 July 2024

Can artificial intelligence eavesdrop on keyboards and steal data?

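Q: A recent British security study has found that AI has advanced to the point where it can identify what you have typed by listening to recordings of the sound of your keystrokes, with accuracy above 90%. With cyber-attacks surging, hackers and cyber-criminals may use this technique to steal information and passwords from computers. What should be done to guard against this kind of attack?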

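李建軍 (Li Jianjun): First, buying a quiet keyboard has become very important for security. Although so-called mechanical keyboards, or gaming keyboards, are very comfortable to type on, the noise they make has become a major security hole, because anyone who records the sound of your typing can identify the data you entered. Using a quiet keyboard can prevent agencies including the Chinese Communist Party's domestic security and state security organs, or the Hong Kong police, from stealing sensitive data.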

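Another workable method is to play music while typing, or other sounds that help interfere with the AI system's ability to distinguish keyboard sounds, such as a radio broadcast. When the person recording you picks up only a jumble of sounds, the AI system cannot correctly identify what data and passwords you entered.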

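If you are typing in a café, be careful of the people around you. With current technology, they can secretly film you, and can also covertly record the various sounds you make to collect and identify your personal data. So if there are suspicious-looking people in the café, you should consider leaving, because a café cannot be like your own home, where you can cover the keyboard noise by playing music or a broadcast and so avoid the covert-recording problem. A quiet café actually has its own insecurities, unless the owner and even the customers of that café are people you can fully trust.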

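Q: US President Biden has just signed an executive order that will restrict Americans and US companies from investing in sensitive Chinese technologies such as AI. Is this also meant to stop the Chinese authorities from continuing to violate the basic rights of Chinese people?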

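李建軍 (Li Jianjun): That is certain. At present the Chinese authorities use private companies backed by various kinds of US financial capital to buy large quantities of the somewhat less capable Nvidia A800 AI chips, to get around US export controls and make up for the shortage of top-end chips. Buying more chips requires more funding, and with debt problems now appearing all over China, without the support of US Wall Street capital, private companies could not even buy enough chips, let alone hire engineers to study and develop new technology. Therefore, stopping Wall Street capital from supporting Chinese AI start-ups is not purely about preserving US national strength; it is also to prevent the Chinese authorities from using AI for evil surveillance of the people, for purposes that endanger the fundamental interests of the Chinese people.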

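In the foreseeable future there will only be more and more of these precision technologies. Add to that the military and commercial uses of AI, and it is to be expected that the US government will further restrict exports of AI-related technology to China. The reasoning behind the US pushing for, and responding to, the cyber-security risks of quantum computing, a technology that has not yet taken shape, is much the same, because the computing power of quantum computers is simply too great.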

from  https://www.rfa.org/cantonese/firewall_features/firewall-ai-08112023122722.html

-----

AI can identify passwords by sound of keys being pressed, study suggests

Researchers create system using sound recordings that can work out what is being typed with more than 90% accuracy.

Tapping in a computer password while chatting over Zoom could open the door to a cyber-attack, research suggests, after a study revealed artificial intelligence (AI) can work out which keys are being pressed by eavesdropping on the sound of the typing.

Experts say that as video conferencing tools such as Zoom have grown in use, and devices with built-in microphones have become ubiquitous, the threat of cyber-attacks based on sounds has also risen.

Now researchers say they have created a system that can work out which keys are being pressed on a laptop keyboard with more than 90% accuracy, just based on sound recordings.

“I can only see the accuracy of such models, and such attacks, increasing,” said Dr Ehsan Toreini, co-author of the study at the University of Surrey, adding that with smart devices bearing microphones becoming ever more common within households, such attacks highlight the need for public debates on governance of AI.

The research, published as part of the IEEE European Symposium on Security and Privacy Workshops, reveals how Toreini and colleagues used machine learning algorithms to create a system able to identify which keys were being pressed on a laptop based on sound – an approach that researchers deployed on the Enigma cipher device in recent years.

The study reports how the researchers pressed each of 36 keys on a MacBook Pro, including all of the letters and numbers, 25 times in a row, using different fingers and with varying pressure. The sounds were recorded both over a Zoom call and on a smartphone placed a short distance from the keyboard.

The team then fed part of the data into a machine learning system which, over time, learned to recognise features of the acoustic signals associated with each key. While it is not clear which clues the system used, Joshua Harrison, first author of the study, from Durham University, said it was possible an important influence was how close the keys were to the edge of the keyboard.

“This positional information could be the main driver behind the different sounds,” he said.

The system was then tested on the rest of the data.

The results reveal that the system could accurately assign the correct key to a sound 95% of the time when the recording was made over a phone call, and 93% of the time when the recording was made over a Zoom call.

The study, which is also authored by Dr Maryam Mehrnezhad from the Royal Holloway, University of London, is not the first to show that keystrokes can be identified by sound. However, the team say their study uses the most up-to-date methods and has achieved the highest accuracy so far.

While the researchers say the work is a proof-of-principle study, and has not been used to crack passwords – which would involve correctly guessing strings of keystrokes – or in real world settings like coffee shops, they say the work highlights the need for vigilance, noting that while laptops – with their similar keyboards and common use in public places – are at high risk, similar eavesdropping methods could be applied to any keyboard.

The researchers add there are a number of ways the risk of such acoustic “side channel attacks” can be mitigated, including opting for biometric passwords where possible or activating two-step verification systems.

Failing that, they say it’s a good idea to use the shift key to create a mixture of upper and lower cases, or numbers and symbols.

“It’s very hard to work out when someone lets go of a shift key,” said Harrison.

Prof Feng Hao from the University of Warwick, who was not involved in the new study, said people should be careful not to type sensitive messages, including passwords, on a keyboard during a Zoom call.

“Besides the sound, the visual images about the subtle movements of the shoulder and wrist can also reveal side-channel information about the keys being typed on the keyboard even though the keyboard is not visible from the camera,” he said.

 
from https://www.theguardian.com/technology/2023/aug/08/ai-could-identify-passwords-by-sound-of-keys-being-pressed-study-suggests

 
