Tencent Zhuque Lab's Latest Research Selected for a Top Global Security Conference: Beware the Risk of Voice Cloning

On April 16 (Beijing time), CanSecWest 2021, a top global information security conference, is under way. Tencent Zhuque Lab was invited to attend and gave a talk titled "The Risk of AI Abuse: Be Careful with Your Voice". This is the fourth consecutive year that work from the frontier security research teams under Tencent's Security Platform Department has been selected as a CanSecWest talk.

## I. Risk Background

Artificial intelligence has enormous potential to change the fate of humanity, but it also carries security risks. On the one hand, AI infrastructure harbours latent security risks: for example, the number of vulnerabilities in typical open-source machine-learning frameworks and platforms disclosed in CVE, the well-known global vulnerability database, keeps growing. On the other hand, security risks in the AI design and development stage are prominent, and many new attack techniques against AI systems have appeared, such as adversarial example attacks, data poisoning attacks and model stealing attacks. In addition, the harm from AI applications getting out of control is significant. "Deepfake" applications bring the public novel experiences but also new security hazards; once attackers abuse them, they fuel the spread of rumours, underground-economy fraud and the like.

## II. VoIP Phone Hijacking and Voice Simulation Attack

AI voice technology is a branch of AI, and as AI develops it is being upgraded at a rapid pace. With AI-based deepfake voice conversion, a small amount of a user's voice is enough to generate the voice one wants to imitate. The technology gives users a novel experience, but it also carries latent security risks.

Deepfake AI voice conversion can also become a powerful tool for voice fraud. The research found that, by exploiting a vulnerability, VoIP calls can be decrypted and eavesdropped on, and that with a small amount of the target person's voice material, deepfake AI voice conversion can generate the target's voice and inject it to place fraudulent calls.

![](https://static001.geekbang.org/wechat/images/4e/4ed2c690fb2ab6979bc9ba41697b98af.png)

Figure 1. Overall flow

## III. Technical Principles

Overall, this new attack consists of two parts: VoIP phone hijacking and voice simulation.

1. VoIP phone hijacking

**(1) Audio sniffing**

On a certain brand's CP-79XX series phones, communication uses the SCCP protocol, which does not use TLS to encrypt its traffic, so the target phone can be eavesdropped on from within the same VLAN.

ARP is a widely used, basic data-link-layer protocol that resolves IP addresses to MAC addresses within a local network. In normal network communication, when we access an IP address we first send a broadcast query on the local network:

**Who has 10.15.2.1?**

Each host that receives the broadcast checks whether the queried IP is its own. If it is, the host sends the querying host a reply that contains its own MAC address. The querying host then builds its packets with that MAC address to complete the exchange.

Operating systems keep an ARP cache table to speed up this mapping. A hacker attacking the ARP protocol races to answer the ARP broadcast first, which poisons the victim's ARP cache table; in subsequent network communication, all packets are sent to the hacker's host:

![](https://static001.geekbang.org/wechat/images/9a/9a04ca54c9862ca3fe1d2a07f77f72b7.png)

Figure 2. ARP attack illustration

The figure below shows a real ARP reply packet:

![](https://static001.geekbang.org/wechat/images/c0/c0cf2e010d0cb989886dd1929724ae8e.png)

Figure 3. Real ARP reply traffic

With this ARP spoofing attack, the attacker hijacks the victim's voice traffic to the attacker's host and reconstructs the RTP voice stream to eavesdrop:

![](https://static001.geekbang.org/wechat/images/81/81958f807b99f9ec509d6b008fc5e0e4.png)

Figure 4. VoIP phone hijacking: call eavesdropping

**(2) Caller identity and voice tampering**

While monitoring the phone traffic, the attacker modifies the caller's user name and phone number in the SCCP protocol:

![](https://static001.geekbang.org/wechat/images/5b/5b10e5d819502d57a619a2380bef669e.png)

Figure 5. Tampering with the caller name and caller number

SCCP cannot verify the authenticity of incoming-call data, and it displays the caller name and number from the packet in full on the incoming-call screen:

![](https://static001.geekbang.org/wechat/images/40/405d7e62c406ef80e7f3d1ba45114cd6.png)

Figure 6. Result of tampering with the caller name and caller number

After the caller name and number have been tampered with, the attacker goes on to modify the voice stream in the RTP protocol, which completes the phone spoofing chain:

![](https://static001.geekbang.org/wechat/images/7f/7fb410dcc5bfb934646e1ab6ef0270be.png)

Figure 7. Voice stream replacement

2. Voice simulation

Voice simulation takes what a source person says and synthesizes audio output with the timbre of a target person. The technology is not new and has long been deployed in many real scenarios, such as custom announcement voices in map applications, where a small amount of your own voice is enough to customise the playback voice to sound like you. Likewise, in VoIP phone hijacking, a small amount of the victim's voice is enough to synthesize speech clips of arbitrary content in a timbre similar to the victim's. Once this is used maliciously, an attacker can easily place fake calls and converse with the target.

The voice simulation here uses voice cloning, which needs only a few seconds of the target person's audio and an arbitrary text sequence to produce realistic synthesized audio. Deep-learning-based voice cloning mainly consists of the following modules: a timbre encoder, a text encoder, a decoder and a speech generator.

- Timbre encoder: extracts the voice features of different speakers from audio.
- Text encoder: converts the input text into features.
- Decoder: converts the concatenation of the speaker features and the text features into a mel spectrogram.
- Speech generator: finally, synthesizes speech from the mel spectrogram.

![](https://static001.geekbang.org/wechat/images/02/02a7fc874e45859caf7f1946f466b836.png)

Figure 8. Voice simulation process

## IV. A Real Case

The CEO of a UK company fell victim to AI voice fraud and lost 220,000 euros (about RMB 1.73 million).

![](https://static001.geekbang.org/wechat/images/58/58a426204c706a3ca212bc6982ec8151.png)

Figure 9. AI voice fraud case

## V. Prevention Recommendations

Defending against this kind of attack can be approached from two angles: defending against the traditional attack, and defending against malicious use of AI.

First, defending against such techniques means keeping VoIP vulnerabilities from being exploited. Security engineers recommend using phones with newer versions of the VoIP protocols, such as SIP and SRTP, to reduce the risk of data being sniffed or even of packets being tampered with.

Second, AI can be used against AI to counter improper uses of AI. This attack relies on speech generation to synthesize fake speech, so AI techniques can be used to extract the features of real and fake speech and to tell real speech from generated speech by the differences between those features.

![](https://static001.geekbang.org/wechat/images/62/62819ac71e509385ec0416c347e06884.png)

Figure 10. Using AI against AI

## VI. Closing

This is in fact not the only way to attack voice. Adding small perturbations to speech, or modifying part of its spectral information, can fool a speech recognition system. Alternatively, hiding a wake command in inconspicuous music may wake a smart device and make it perform the corresponding operation. The problem of AI applications getting out of control should not be ignored; AI should be used reasonably and well, and the boundaries of the technology defended.

Beyond AI applications getting out of control, the core elements of AI, including data, algorithms, models and basic components, all carry latent security risks, and AI security problems are increasingly prominent. Tencent Zhuque Lab, part of Tencent's Security Platform Department, is dedicated to research on real-world APT attacks and AI security, continually uncovering real network security risks and providing security for AI businesses.
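The ARP cache poisoning described under "(1) Audio sniffing" leaves a visible trace on the wire: two different MAC addresses answering for one IP, or replies that no request preceded. The following detector is an added example, not code from the original article or the talk; `10.15.2.1` is the address from the article's query, while `10.15.2.50` and every MAC address are constructed sample values.

```python
import struct

def arp_frame(op, sha, spa, tha, tpa):
    """Build one Ethernet+ARP frame; used only to construct the sample capture."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    dst = b"\xff" * 6 if op == 1 else mac(tha)  # requests are broadcast
    return (dst + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    dotted = lambda b: ".".join(map(str, b))
    return op, frame[22:28].hex(":"), dotted(frame[28:32]), dotted(frame[38:42])

def detect_poisoning(frames):
    """Flag replies that contradict an earlier binding or answer no request."""
    bindings, pending, alerts = {}, set(), []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sha, spa, tpa = parsed
        if op == 1:                      # "Who has <tpa>?"
            pending.add(tpa)
        elif op == 2:                    # "<spa> is at <sha>"
            first_seen = bindings.setdefault(spa, sha)
            if first_seen != sha:
                alerts.append((i, "conflicting-mac", spa, sha))
            elif spa not in pending:
                alerts.append((i, "unsolicited-reply", spa, sha))
            pending.discard(spa)
    return alerts

# Constructed capture: all MAC addresses and 10.15.2.50 are made up.
PHONE, GATEWAY, ROGUE = "aa:bb:cc:00:00:50", "00:11:22:33:44:01", "de:ad:be:ef:00:66"
SAMPLE = [
    arp_frame(1, PHONE, "10.15.2.50", "00:00:00:00:00:00", "10.15.2.1"),
    arp_frame(2, ROGUE, "10.15.2.1", PHONE, "10.15.2.50"),     # wins the race
    arp_frame(2, GATEWAY, "10.15.2.1", PHONE, "10.15.2.50"),   # genuine, late
    arp_frame(2, ROGUE, "10.15.2.50", GATEWAY, "10.15.2.1"),   # nobody asked
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE):
        print(alert)
```

A conflict alert only says that two MAC addresses claimed the same IP; deciding which one is legitimate requires an address inventory or switch-side data such as DHCP snooping bindings. Gratuitous ARP is also used legitimately, so unsolicited replies are a lower-confidence signal.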