Planting Undetectable Backdoors in Machine Learning Models

We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key”, the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees.
First, we show how to plant a backdoor in any model, using digital signature schemes. The construction guarantees that given black-box access to the original model and the backdoored version, it is computationally infeasible to find even a single input where they differ. This property implies that the backdoored model has generalization error comparable with the original model. Second, we demonstrate how to insert undetectable backdoors in models trained using the Random Fourier Features (RFF) learning paradigm or in Random ReLU networks. In this construction, undetectability holds against powerful white-box distinguishers: given a complete description of the network and the training data, no efficient distinguisher can guess whether the model is “clean” or contains a backdoor.
Our construction of undetectable backdoors also sheds light on the related issue of robustness to adversarial examples. In particular, our construction can produce a classifier that is indistinguishable from an “adversarially robust” classifier, but where every input has an adversarial example! In summary, the existence of undetectable backdoors represents a significant theoretical roadblock to certifying adversarial robustness.

Source: [2204.06974] Planting Undetectable Backdoors in Machine Learning Models
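
The black-box guarantee in the abstract above can be seen in a toy model. This is an added example, not code from the paper or its authors. It swaps the paper's digital signature scheme for an HMAC from the Python standard library, so it illustrates only the black-box case; the classifier, sizes, key and function names are all constructed for illustration.

```python
import hashlib
import hmac
import random

INPUT_BYTES = 64   # size of one model input (constructed)
TAG_BYTES = 16     # trailing bytes the gate reads as a tag (assumption)

def clean_model(x: bytes) -> int:
    """Stand-in classifier (constructed): parity of the byte sum."""
    return sum(x) & 1

def make_gated_model(key: bytes):
    """Agrees with clean_model unless the trailing bytes are a valid tag on the rest.
    HMAC stands in for the paper's signature verification (a swap made here)."""
    def model(x: bytes) -> int:
        body, tag = x[:-TAG_BYTES], x[-TAG_BYTES:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_BYTES]
        flip = hmac.compare_digest(tag, expected)
        return clean_model(x) ^ int(flip)
    return model

def with_tag(x: bytes, key: bytes) -> bytes:
    """Key holder's 'slight perturbation': overwrite only the trailing TAG_BYTES."""
    body = x[:-TAG_BYTES]
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_BYTES]

def count_disagreements(model_a, model_b, trials: int, seed: int = 0) -> int:
    """Black-box differential test: query both models on random inputs."""
    rng = random.Random(seed)
    diffs = 0
    for _ in range(trials):
        x = bytes(rng.getrandbits(8) for _ in range(INPUT_BYTES))
        diffs += model_a(x) != model_b(x)
    return diffs

if __name__ == "__main__":
    key = b"constructed-demo-key"
    gated = make_gated_model(key)
    print("disagreements in 20000 random queries:",
          count_disagreements(clean_model, gated, 20000))
    x = with_tag(bytes(INPUT_BYTES), key)
    print("clean vs gated on a tagged input:", clean_model(x), gated(x))
```

A random query hits a valid 128-bit tag with probability 2^-128, so the differential test reports zero disagreements however many queries it makes. Agreement with a reference model under query testing is therefore not evidence that a delivered model is clean.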

Testing firm Cignpost can profit from sale of Covid swabs with customer DNA

A large Covid-19 testing provider is being investigated by the UK’s data privacy watchdog over its plans to sell swabs containing customers’ DNA for medical research.

Source: Testing firm can profit from sale of Covid swabs | News | The Sunday Times

Find you: an airtag which Apple can’t find in unwanted tracking

[…]

In one exemplary stalking case, a fashion and fitness model discovered an AirTag in her coat pocket after having received a tracking warning notification from her iPhone. Other times, AirTags were placed in expensive cars or motorbikes to track them from parking spots to their owner’s home, where they were then stolen.

On February 10, Apple addressed this by publishing a news statement titled “An update on AirTag and unwanted tracking” in which they describe the way they are currently trying to prevent AirTags and the Find My network from being misused and what they have planned for the future.

[…]

Apple needs to incorporate non-genuine AirTags into their threat model, thus implementing security and anti-stalking features into the Find My protocol and ecosystem instead of in the AirTag itself, which can run modified firmware or not be an AirTag at all (Apple devices currently have no way to distinguish genuine AirTags from clones via Bluetooth).

The source code used for the experiment can be found here.

Edit: I have been made aware of a research paper titled “Who Tracks the Trackers?” (from November 2021) that also discusses this idea and includes more experiments. Make sure to check it out as well if you’re interested in the topic!

[…]

Survey of Alternative Displays

[Blair Neal] has been working on an information database for artists and hackers – a collection of non-conventional display technologies available to us. We’ve covered this repository before, six years ago – since then, it’s moved to a more suitable platform, almost doubled in size, and currently covers over 40+ display technology types and related tricks. This database is something you should check out even if you’re not looking for a new way to display things right now, however, for its sheer educational and entertainment value alone.

[…]

If you’ve ever wondered about the current state of technology when it comes to flexible or transparent displays, or looked for good examples of volumetric projection done in a variety of ways, this is the place to go. It also talks about interesting experimental technologies, like drone displays, plasma combustion or scanning fiber optics. Overall, if you’re looking to spend about half an hour learning about all the ways there are to visualize something, this database is worth a read. And, if there’s a display technology the author might’ve missed and you know something about, contributions are welcome!

Someone setting out to compile information about an extensive topic is always appreciated, and helps many hackers on their path. We’ve seen that done with 3D printer resin settings and SMD part codes, to name just a few. What’s your favourite hacker-maintained database?

Source: Alternative Display Technologies And Where To Find Them

Things like transparent displays, volumetric displays, modified polarizers, e-ink, flexible displays, lasers and projectors, lightfield displays, head mounted displays, projection on water or fog, diffusion and distortion, switchable glass, drone displays, electrochromic paint, acoustic levitation display, plasma combustion and many more.

The survey itself is here

Some of Canon’s wireless Pixma printers are stuck in reboot loops

Over the last day or two, there have been a growing number of reports by people who own certain Canon Pixma printers that the devices either won’t turn on at all or, once turned on, get stuck in a reboot loop, cycling on and off as long as they’re plugged in. Verge reader Jamie pointed us to posts on Reddit about the problem and Canon’s own support forum, citing problems with models including the MX490, MX492, MB2010, and MG7520.

Some believe their problem is due to a software update Canon pushed to the printers, but that hasn’t been confirmed yet. In response to an inquiry from The Verge, corporate communications senior director and general manager Christine Sedlacek said, “We are currently investigating this issue and hope to bring resolution shortly as customer satisfaction is our highest priority.”

Until there is an official update or fix, some people in the forums have found that disconnecting the printers from the internet is enough to keep them from rebooting, with control still possible via USB.

To get the printers to work while maintaining your connection to the internet and their connection to local network devices, one reply from a customer on Canon’s support forum suggests a method that many people report has worked for them. If you’re experienced with network setups, DNS servers, and IP addresses, it could be worth trying, but for most people, I’d recommend waiting for an official solution.

To follow their steps, then, after taking your internet offline, turn on the printer, go into its network settings, and, under web service setup, select DNS server setup and choose manual setup. In that section, input an internal network address (192.168.X.X, with numbers replacing X that aren’t in use by any other devices on your local network), press “OK,” and then press “no” for a secondary DNS server. This keeps the printer connected to your router without accessing the wider internet, and, for some reason, has been enough to stop the devices from rebooting.

Source: Some of Canon’s wireless Pixma printers are stuck in reboot loops – The Verge

What Is Pegasus Spyware? Why is it important? Infographic

If you’ve been following the latest news on government surveillance scandals around the world, the name Pegasus may have popped up in your feed. It’s a complex story, so we’ve put together an infographic explainer that covers all the basics.

How does Pegasus work? Check. Which world leaders were targeted? Check. Astonishing subscription costs? Check. Gasp. Check. Our infographic should help you understand why NSO’s Pegasus software is in the news so much.

Check it out below, or download it in full here.

Source: What Is Pegasus? All About the Infamous Software (Infographic) – CyberGhost Privacy Hub