当前位置:首页 > 报告详情

当你的数字语音克隆体失控时会发生什么?.pdf

上传人: 竿*** 编号:982118 2025-11-29 31页 2.26MB

1、#SECTORCA BlackHatEvents#SECTORCA BlackHatEventsWhat Happens When Your Digital Clone Goes RougeAndrey Markovytch#SECTORCA BlackHatEventsSpeak For Me#SECTORCA BlackHatEventsWindows TAM 9MnSpeak For Me#SECTORCA BlackHatEventsSpeak For Me Additional FeaturesPart of Windows ecosystemCan be configured as

2、 a virtual microphoneIntegration with Teams and other appsOriginally intended to people with progressive voice disabilities,but can be used by everyone Can unlock some powerful and potentially dangerous flows like autonomous agents speaking on your behalf#SECTORCA BlackHatEventsThis is a story about

3、 love that never came to be This is a story about love that never came to be#SECTORCA BlackHatEventsAlon Leviev(alon_leviev)Security Researcher MicrosoftNetanel Ben Simon(NetanelBenSimon)Senior Security Researcher MicrosoftWhoamiSecurity Testing&Offensive Research at M Senior Security Researcher at

4、Microsoft IL,part of STORM team 15 years of experience in security field,started as a developer Areas of interest:Confidential ComputePre-OSCryptoAI Models SecurityIOT and EmbeddedCalisthenics(beginner level)Proud father of 2 kids and cat#SECTORCA BlackHatEventsSpeak For Me accessibility feature ove

5、rviewThe Threat ModelVulnerabilities on the Windows client sideVulnerabilities on cloud infrastructureThe bigger problemThe tough decisionTakeaways#SECTORCA BlackHatEventsHigh Level ArchitectureServerClientText-To-SpeechSDK8.Text7.Load ModelGenerated Voice9.Generate1.Training data2.Training dataCons

6、entConsent3.Voice Model5.Model6.Save Model4.Save Model backup#SECTORCA BlackHatEventsClient Side Zoom In#SECTORCA BlackHatEventsSpeak For Me accessibility feature overviewThe Threat ModelVulnerabilities on the Windows client sideVulnerabilities on cloud infrastructureThe bigger problemThe tough deci

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: 1. **Speak For Me (SFM) 功能概述**:SFM是Windows生态系统的一部分,旨在帮助有语音障碍的人,但任何人都可以使用。它具有文本到语音功能,并与Teams等应用集成。 2. **安全威胁模型**:SFM存在多个安全漏洞,包括Windows客户端和云基础设施上的漏洞。 3. **客户端漏洞**:模型加密强度不足,水印机制易被绕过,缺乏证书固定和模型保护。 4. **云基础设施漏洞**:缺乏对文本随机性的检查,文件名未正确清理,用户存储未分离,模型密钥未安全存储,存在SSRF漏洞。 5. **资源滥用风险**:无限制的免费服务可能导致资源耗尽和财务损失。 6. **更大的问题**:保护运行时和语音资产,包括使用虚拟化安全和专用硬件。 7. **决策**:由于安全风险,SFM项目未作为应用程序发布,而是作为有限制的云服务提供给选定客户。
"语音克隆安全漏洞揭秘" "Windows语音助手安全隐患大曝光" "AI语音技术安全风险如何防范?"
客服
商务合作
小程序
服务号
折叠