透過無線 WiFi 的監視器的問題

在「Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries (tomshardware.com)」這邊看到的,原報導在「Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire」。

這個手法是把無線網路的頻寬塞爆 (或是放出干擾),這樣 security camera 就算拍到東西也不會有記錄:

這個應該是已知的問題?從以前 security camera 都是建議走有線 (以及 isolated VLAN),無線的主要還是娛樂用途,而不是 security camera...

以前還有印象有看過防 EMP 的型號,不過那個是軍用...

無 Internet 也能使用的 IP cam

前幾天在 Hacker News 上看到的討論,有人在問有沒有不需要連網,也不希望透過 app 連的 IP cam:「Ask HN: IP cameras that don't require an app or internet?」。會在意隱私性的人應該會有興趣。

討論裡面意外看到幾個台灣廠商,首先是翻到 GeoVision,奇偶科技:

Geovision cameras are low end and not expensive. They are Taiwanese in origin and are pretty easy to find.

這家的產品在台灣一般 C 端的 EC 通路沒找到,但蝦皮上有翻到一些資料;如果跑去美國的 Amazon 上面找可以看到不少商品,價錢似乎比較便宜?

另外一個是台達旗下的 VIVOTEK

There's a Taiwanese brand Vivotek that makes some relatively affordable NDAA cameras. I'm hoping to try them out myself, but unfortunately haven't had time yet.

這家在 PChomemomo 上面都有擺一些商品,另外在蝦皮上就可以找到蠻多商品;在 Amazon 上面也不少商品。


Hacker News 上看到「I wrote a program that sends cats to my phone when I'm sad at the computer (healeycodes.com)」這個東西,居然是用 cam 判斷,當判斷心情不好的時候就推播貓貓的圖片,像是這樣:

除了 machine learning 的部份快,這邊還用到了幾個服務,像是 PushoverThe Cat API (居然有這種服務 XDDD)...

馬上想到前陣子看的 Don't Look Up (千萬別抬頭),裡面好像也有類似的產品 XDDD

用環境辨識改善 Google Maps 的定位

Google 透過環境辨識的方式改善 Google Maps 使用 GPS 定位時的精確度問題 (另外也試著解決方位不準的問題):「Using Global Localization to Improve Navigation」。

GPS 因為是衛星訊號,會有反射訊號而導致定位漂移的問題,像是這樣:

另外也會有指北針不準的問題,Google 的解法是利用相機傳輸現在的畫面,判斷可能的地點,後面的資料庫應該就是街景圖:


不過看了一下 YouTube 上的 keynote,是去年 Google I/O 上提到的事情了,最近出現文章應該是開始提供給一般人用?在 Facebook 上有看到一些人提到...


不吃電池的 HD Camera Streaming...

Hacker News Daily 上看到「Towards Battery-Free HD Video Streaming」這個,不使用電池僅靠反射產生訊號,可以達到 HD 畫質的 Camera Streaming (在原型機上測試可以跑出 720p/10fps):

Finally, we design a proof-of-concept prototype with off-the-shelf hardware components that successfully backscatter 720p HD video at 10 fps up to 16 feet.


愈來愈多在研究用 backscatter 拼一些比較複雜的應用...

Amazon Kinesis Streams 的 Video 版本:Amazon Kinesis Video Streams

這次 AWS 推出的 Amazon Kinesis Video Streams 在技術上看起來跟 Amazon Media Services 有不少重疊 (參考先前提到的文章「AWS Media Services 推出一卡車與影音相關的服務...」),但產品面上區隔開的服務:「Amazon Kinesis Video Streams – Serverless Video Ingestion and Storage for Vision-Enabled Apps」。

開頭介紹就有提到適合用在各種 IoT 裝置,用在一直有影像資料產生的設備上:

Cell phones, security cameras, baby monitors, drones, webcams, dashboard cameras, and even satellites can all generate high-intensity, high-quality video streams. Homes, offices, factories, cities, streets, and highways are now host to massive numbers of cameras.


底層用了不少與 Amazon Media Services 相同的技術,但是包裝成不同的產品...

Netflix 對於拍攝影片的要求

Netflix 對於拍攝影片的要求直接放在網站上:「Production and Post-Production Requirements v2.1」。

Provide a set of technical requirements for production and post-production workflows to ensure that a high level of quality is maintained throughout the lifecycle of a project from capture to archive. This serves the purpose of future-proofing the content as the Netflix platform and viewing experience continue to evolve.

裡面有提到一些產品,這些資訊其實可以當作採購指南用... (當預算有到這個 range 時 XD)

不過動畫會怎麼算啊 XDDD (應該是另外的 requirement?)

利用手機的 sensor 取得 PIN 碼

把 side-channel information 配合上統計方法就可以達到 74% 的正確率:「Phone Hack Uses Sensors To Steal PINs」。

透過 browser 的 javascript 就可以拉出這些資料,然後利用這些資料去猜你的手機 PIN 碼:

Researchers from U.K.-based Newcastle University created a JavaScript app called PINlogger.js that has the ability to access data generated by the phone’s sensors, including GPS, camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer and NFC protocols.

而且當可以多抓到更多資訊時 (像是第二次輸入) 準確度就更高了:

Using a sample set of 50 PINs, researchers found that their script was able to correctly guess a user’s PIN 74 percent of the time on the first try, which increases to 86 and 94 percent success rates on the second and third attempts.

有些瀏覽器有做一些修正,讓 side-channel information 變少,於是難度變高:

As for Firefox, starting from version 46 (released in April 2016), the browser restricts JavaScript access to motion and orientation sensors. Apple’s Security Updates for iOS 9.3 (released in March 2016), suspended the availability of motion and orientation data when the web view is hidden, according to researchers.

Google 則是沒修:

As for Google, it’s unclear what measures have been taken. “Our concern is confirmed by members in the Google Chromium team, who also believe that the issue remains unresolved,” the report stated. Google did not reply to a request to comment for this report.

這攻擊方式頗不賴... @_@


在「Incredible low-light camera turns night into day」這邊看到這個示範影片:

軍用品,換算 ISO 可以達到 5M:

The camera was developed for military use, has an effective ISO rating of 5,000,000, and has a comically long name: “X27 Reconnaissance Day/Night high Fidelity true real time low light/low lux color night vision Imaging Security / Multi Purpose camera system”.

D-Link 因為路由器與網路鏡頭不夠安全,被美國聯邦貿易委員會告

FTC 對於 D-Link 產品的安全性不符合宣稱而告下去了:「FTC sues D-Link over router and camera security flaws」。

D-Link claimed its routers were “EASY TO SECURE” with “ADVANCED NETWORK SECURITY,” but the FTC says the company failed to protect its routers and cameras from widely known and reasonably foreseeable risks.

The complaint also says security gaps could allow hackers to watch and record people on their D-Link cameras without their knowledge, target them for theft, or record private conversations.