Home » Posts tagged "camera"

不吃電池的 HD Camera Streaming...

Hacker News Daily 上看到「Towards Battery-Free HD Video Streaming」這個,不使用電池僅靠反射產生訊號,可以達到 HD 畫質的 Camera Streaming (在原型機上測試可以跑出 720p/10fps):

Finally, we design a proof-of-concept prototype with off-the-shelf hardware components that successfully backscatter 720p HD video at 10 fps up to 16 feet.

而且畫質比想像中好很多,算是比「可用」的等級還高不少:

愈來愈多在研究用 backscatter 拼一些比較複雜的應用...

Amazon Kinesis Streams 的 Video 版本:Amazon Kinesis Video Streams

這次 AWS 推出的 Amazon Kinesis Video Streams 在技術上看起來跟 Amazon Media Services 有不少重疊 (參考先前提到的文章「AWS Media Services 推出一卡車與影音相關的服務...」),但產品面上區隔開的服務:「Amazon Kinesis Video Streams – Serverless Video Ingestion and Storage for Vision-Enabled Apps」。

開頭介紹就有提到適合用在各種 IoT 裝置,用在一直有影像資料產生的設備上:

Cell phones, security cameras, baby monitors, drones, webcams, dashboard cameras, and even satellites can all generate high-intensity, high-quality video streams. Homes, offices, factories, cities, streets, and highways are now host to massive numbers of cameras.

像這張圖的所介紹的流程,以及可以保留天數的設計:

底層用了不少與 Amazon Media Services 相同的技術,但是包裝成不同的產品...

Netflix 對於拍攝影片的要求

Netflix 對於拍攝影片的要求直接放在網站上:「Production and Post-Production Requirements v2.1」。

Provide a set of technical requirements for production and post-production workflows to ensure that a high level of quality is maintained throughout the lifecycle of a project from capture to archive. This serves the purpose of future-proofing the content as the Netflix platform and viewing experience continue to evolve.

裡面有提到一些產品,這些資訊其實可以當作採購指南用... (當預算有到這個 range 時 XD)

不過動畫會怎麼算啊 XDDD (應該是另外的 requirement?)

利用手機的 sensor 取得 PIN 碼

把 side-channel information 配合上統計方法就可以達到 74% 的正確率:「Phone Hack Uses Sensors To Steal PINs」。

透過 browser 的 javascript 就可以拉出這些資料,然後利用這些資料去猜你的手機 PIN 碼:

Researchers from U.K.-based Newcastle University created a JavaScript app called PINlogger.js that has the ability to access data generated by the phone’s sensors, including GPS, camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer and NFC protocols.

而且當可以多抓到更多資訊時 (像是第二次輸入) 準確度就更高了:

Using a sample set of 50 PINs, researchers found that their script was able to correctly guess a user’s PIN 74 percent of the time on the first try, which increases to 86 and 94 percent success rates on the second and third attempts.

有些瀏覽器有做一些修正,讓 side-channel information 變少,於是難度變高:

As for Firefox, starting from version 46 (released in April 2016), the browser restricts JavaScript access to motion and orientation sensors. Apple’s Security Updates for iOS 9.3 (released in March 2016), suspended the availability of motion and orientation data when the web view is hidden, according to researchers.

Google 則是沒修:

As for Google, it’s unclear what measures have been taken. “Our concern is confirmed by members in the Google Chromium team, who also believe that the issue remains unresolved,” the report stated. Google did not reply to a request to comment for this report.

這攻擊方式頗不賴... @_@

夜視功能

在「Incredible low-light camera turns night into day」這邊看到這個示範影片:

軍用品,換算 ISO 可以達到 5M:

The camera was developed for military use, has an effective ISO rating of 5,000,000, and has a comically long name: “X27 Reconnaissance Day/Night high Fidelity true real time low light/low lux color night vision Imaging Security / Multi Purpose camera system”.

D-Link 因為路由器與網路鏡頭不夠安全,被美國聯邦貿易委員會告

FTC 對於 D-Link 產品的安全性不符合宣稱而告下去了:「FTC sues D-Link over router and camera security flaws」。

D-Link claimed its routers were “EASY TO SECURE” with “ADVANCED NETWORK SECURITY,” but the FTC says the company failed to protect its routers and cameras from widely known and reasonably foreseeable risks.

The complaint also says security gaps could allow hackers to watch and record people on their D-Link cameras without their knowledge, target them for theft, or record private conversations.

Dropbox 的 Document Detecting

Dropbox 發表了他們所研究的 Document Detecting 技術:「Fast and Accurate Document Detection for Scanning」。

他們希望抓出這張圖裡面「文件」的「邊緣」:

Canny edge detector 會跑出這樣,很明顯多了很多不太正確的邊線,對於後續判斷上會困難不少:

剛好也是最近看到的另外一篇文章「Image Kernels Explained Visually」在講 Image Kernel,有些地方有點類似的東西,交叉看頗有感覺的...

Anyway,Dropbox 最後的成果很不錯啊,可以看示範:

利用 MAC address 抓出網路攝影機 (AirBnB 事件後續的反制)

之前 AirBnB 的屋主在屋內安裝攝影機而打官司的事情繼續被討論:「Beware, houseguests: Cheap home surveillance cameras are everywhere now」。有人提出自救方法,作者使用 DropCam 與 Withings 的 MAC Address Prefix 抓出網路攝影機:「Detect and disconnect WiFi cameras in that AirBnB you’re staying in」。

由於 MAC address 不需要知道 WPA passphase,所以可以直接掃出來。作者提供的程式需要使用 airmon-ng 來掃無線網路。

另外作者有點出這個方法可以打掛透過無線網路的裝置 (像是 WiFi jammer),用在安全機制上 (也就是這些產品本來的設計) 未必有效,還是建議用有線網路接:

For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.

另外要注意的是,在美國地區使用這樣的技術可能是違法的,使用時請自己負責:

It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.

D-Link 的 open source package 內包含了拿來簽名用的 Private Key

D-LinkDCS-5020L 的 open source package (因 GPL 要求) 裡放了簽名用的 private key:「D-Link spilled its private key onto the web – letting malware dress up as Windows apps」。

而這把 key 由 Verisign 所簽,因此被 Windows 所信任,所以這把 key 可以用來簽 malware:

而不幸的是,這把 key 已經洩漏出來超過半年了:

The D-Link key was leaked in late February, and expired on September 3, it appears.

又是一連串的 revoke 過程... orz

Archives