Slashdot Mirror

sciencehabit shares a report from Science Magazine: Automatic language translation has come a long way, thanks to neural networks -- computer algorithms that take inspiration from the human brain. But training such networks requires an enormous amount of data: millions of sentence-by-sentence translations to demonstrate how a human would do it. Now, two new papers show that neural networks can learn to translate with no parallel texts -- a surprising advance that could make documents in many languages more accessible.

The two new papers, both of which have been submitted to next year's International Conference on Learning Representations but have not been peer reviewed, focus on another method: unsupervised machine learning. To start, each constructs bilingual dictionaries without the aid of a human teacher telling them when their guesses are right. That's possible because languages have strong similarities in the ways words cluster around one another. The words for table and chair, for example, are frequently used together in all languages. So if a computer maps out these co-occurrences like a giant road atlas with words for cities, the maps for different languages will resemble each other, just with different names. A computer can then figure out the best way to overlay one atlas on another. Voila! You have a bilingual dictionary. The studies -- "Unsupervised Machine Translation Using Monolingual Corpora Only" and "Unsupervised Neural Machine Translation" -- were both submitted to the e-print archive arXiv.org.

Apple's first publicly disclosed paper on autonomous vehicles has been posted online by the company's computer scientists. The research describes a new software approach called "VoxelNet" that helps computers detect three-dimensional objects like cyclists and pedestrians while using fewer sensors. Reuters reports: The paper by Yin Zhou and Oncel Tuzel, submitted on Nov. 17 to independent online journal arXiv, is significant because Apple's famed corporate secrecy around future products has been seen as a drawback among artificial intelligence and machine learning researchers. The scientists proposed a new software approach called "VoxelNet" for helping computers detect three-dimensional objects.

Self-driving cars often use a combination of normal two-dimensional cameras and depth-sensing "LiDAR" units to recognize the world around them. While the units supply depth information, their low resolution makes it hard to detect small, faraway objects without help from a normal camera linked to it in real time. But with new software, the Apple researchers said they were able to get "highly encouraging results" in spotting pedestrians and cyclists with just LiDAR data. They also wrote they were able to beat other approaches for detecting three-dimensional objects that use only LiDAR. The experiments were computer simulations and did not involve road tests.

A new paper from Stanford University reveals how artificial intelligence algorithms can be quickly trained to diagnose pneumonia better than a radiologist. "Using 100,000 x-ray images released by the National Institutes of Health on Sept. 27, the research published Nov. 14 (without peer review) on the website ArXiv claims its AI can detect pneumonia from x-rays with similar accuracy to four trained radiologists," reports Quartz. From the report: That's not all -- the AI was trained to analyze x-rays for 14 diseases NIH included in the dataset, including fibrosis, hernias, and cell masses. The AI's results for each of the 14 diseases had fewer false positives and false negatives than the benchmark research from the NIH team that was released with the data. The paper includes Google Brain founder Andrew Ng as a co-author, who also served as chief scientist at Baidu and recently founded Deeplearning.ai. He's often been publicly bullish on AI's use in healthcare. These algorithms will undoubtedly get better -- accuracy on the ImageNet challenge rose from 75% to 95% in just five years -- but this research shows the speed at which these systems are built is increasing as well.

An anonymous reader quotes Bleeping Computer: Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object. The act of taking the photo comes to replace the cumbersome process of using crypto-based hardware security keys (e.g., YubiKey devices) or entering verification codes received via SMS or voice call. The new system is named Pixie, and researchers argue it is more secure than the aforementioned solutions.

Pixie works by requiring users to choose an object as their 2FA key. When they set up the Pixie 2FA protection, they take an initial photo of the object that will be used for reference. Every time users try to log into their account again, they re-take a photo of the same object, and an app installed on their phone compares the two photos... In automated tests, Pixie achieved a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts. An Android app is available for testing here.

"A trio of data scientists developed a betting strategy to beat bookmakers at football games," writes austro. [The game Americans call soccer.] New Scientist reports: The team studied 10 years' worth of data on nearly half a million football matches and the associated odds offered by 32 bookmakers between January 2005 and June 2015. When they applied their strategy in a simulation, they made a return of 3.5 per cent. Making bets randomly resulted in a loss of 3.32 per cent. Then the team decided to try betting for real. They developed an online tool that would apply their odds-averaging formula to upcoming football matches. When a favorable opportunity arose, a member of the team would email Kaunitz and his wife, one of whom then placed a bet.

They kept this up for five months, placing $50 bets around 30 times a week. And they were winning. After five months the team had made a profit of $957.50 -- a return of 8.5 per cent. But their streak was cut short. Following a series of several small wins, the trio were surprised to find that their accounts had been limited, restricting how much they could bet to as little as $1.25. The gambling industry has long restricted players who appear to show an edge over the house, says Mark Griffiths at Nottingham Trent University, UK.
The paper "illustrates how the sports gambling industry compensates market inefficiencies with discriminatory practices against successful clients," adds austro, noting that the researchers posted a paper explaining their methodology on arxiv last week. "They also made the dataset and source code available on github. And best of all, they made an online publicly available dashboard that shows a live list of bet recommendations on football matches based on their strategy here or here for anyone to try."

Slashdot reader Orome1 quotes Help Net Security: A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score...

The researchers concentrated on posts relevant to Java security, from both software engineering and security perspectives, and on posts addressing questions tied to Spring Security, a third-party Java framework that provides authentication, authorization and other security features for enterprise applications... Developers are frustrated when they have to spend too much time figuring out the correct usage of APIs, and often end up choosing completely insecure-but-easy fixes such as using obsolete cryptographic hash functions, disabling cross-site request forgery protection, trusting all certificates in HTTPS verification, or using obsolete communication protocols. "These poor coding practices, if used in production code, will seriously compromise the security of software products," the researchers pointed out.
The researchers blame "the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries." Among their suggested solutions: new developer tools which can recognize security errors and suggest patches.

sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you're probably toast in less than an hour. Now, there's more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles.

Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A "generator" attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a "discriminator" tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they'd be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.

Fake reviews used to be crowdsourced. Now they can be auto-generated by AI, according to a new research paper shared by AmiMoJo: In this paper, we identify a new class of attacks that leverage deep learning language models (Recurrent Neural Networks or RNNs) to automate the generation of fake online reviews for products and services. Not only are these attacks cheap and therefore more scalable, but they can control rate of content output to eliminate the signature burstiness that makes crowdsourced campaigns easy to detect. Using Yelp reviews as an example platform, we show how a two phased review generation and customization attack can produce reviews that are indistinguishable by state-of-the-art statistical detectors.
Humans marked these AI-generated reviews as useful at approximately the same rate as they did for real (human-authored) Yelp reviews.

Earlier this month, Norbert Blum, a German mathematician, had published a research paper in which he implied that P is not equal to NP. The abstract of the post read: Berg and Ulfberg and Amano and Maruoka have used CNF-DNF-approximators to prove exponential lower bounds for the monotone network complexity of the clique function and of Andreev's function. We show that these approximators can be used to prove the same lower bound for their non-monotone network complexity. This implies P not equal NP. Since the publication of that paper, several mathematicians have raised concerns with Blum's methodology, with some saying that there are flaws in it. Blum has now updated the research paper to add: The proof is wrong. I shall elaborate precisely what the mistake is. For doing this, I need some time.

A German man -- Norbert Blum -- who claimed that P is not equal to NP is seeing several challenges to his solution. From a report: Numerous mathematicians have begun to raise questions about whether the German mathematician solved it at all. Since Blum's paper was published, mathematicians and computer scientists worldwide have been racking their brains as to whether the Bonn-based researcher has, in fact, solved this Millennium Prize Problem. After an initially positive reaction, such as the one from Stanford mathematician Reza Zadeh, doubts are beginning to arise about whether Blum's reasoning is correct. In a forum for theoretical mathematics, a user named Mikhail reached out to Alexander Razborov -- the author of the paper on which Blum's proof is based -- to ask him about Blum's paper. Razborov purports to have discovered an error in Blum's paper: Blum's main argument contradicts one of Razborov's key assumptions. And mathematician Scott Aaronson, who is something of an authority in the math community when it comes to P vs. NP, said he would be willing to bet $200,000 that Blum's mathematical proof won't endure. "Please stop asking," Aaronson writes. If the proof hasn't been refuted, "you can come back and tell me I was a closed-minded fool." In the week since Aaronson's initial blog post, other mathematicians have begun trying to poke holes in Blum's proof. Dick Lipton, a computer science professor at Georgia Tech, wrote in a blog post that Blum's proof "passes many filters of seriousness," but suggested there may be some problems with it. A commenter on that blog post, known only as "vloodin," noted that there was a "single error on a subtle point" in the proof; other mathematicians have since chimed in and confirmed vloodin's initial analysis, and so the emerging consensus among many mathematicians is that a solve for P vs. NP remains elusive.

An anonymous reader quote BleepingComputer: Three researchers from New York University (NYU) have published a paper this week describing a method that an attacker could use to poison deep learning-based artificial intelligence (AI) algorithms. Researchers based their attack on a common practice in the AI community where research teams and companies alike outsource AI training operations using on-demand Machine-Learning-as-a-Service (MLaaS) platforms. For example, Google allows researchers access to the Google Cloud Machine Learning Engine, which research teams can use to train AI systems using a simple API, using their own data sets, or one provided by Google (images, videos, scanned text, etc.). Microsoft provides similar services through Azure Batch AI Training, and Amazon, through its EC2 service.

The NYU research team says that deep learning algorithms are vast and complex enough to hide small equations that trigger a backdoor-like behavior. For example, attackers can embed certain triggers in a basic image recognition AI that interprets actions or signs in an unwanted way. In a proof-of-concept demo of their work, researchers trained an image recognition AI to misinterpret a Stop road sign as a speed limit indicator if objects like a Post-it, a bomb sticker, or flower sticker were placed on the Stop sign's surface. In practice, such attacks could be used to make facial recognition systems ignore burglars wearing a certain mask, or make AI-driven cars stop in the middle of highways and cause fatal crashes.

"It is much too easy to connect devices and industrial equipment to the internet," writes an anonymous Slashdot reader. But what's the solution -- and who's to blame for the abundance of insecure IoT devices? Network World examined the conclusions in a paper titled "The Internet of Hackable Things" [PDF]. The authors say the IoT security problem is not a technological one; it's cultural... "A security culture is nearly non-existent in our society... developers must be educated to adopt the best practices for securing their IoT devices within the particular application domain; the general public must be educated to take security seriously, too, which among other things will fix the problem of not changing default password."
The anonymous reader who submitted this story argued that "IoT product makers do not need a deeply skilled team because component makers have made it so easy to connect anything to the internet. Maybe the responsibility for strong security should rest with chip makers like Intel, Freescale and Qualcomm." Leave your own opinions in the comments. Who is ultimately responsible for IoT security?

An anonymous reader writes: "Mozilla engineers are discussing plans to change the way Firefox collects usage data (telemetry), and the organization is currently preparing to test an opt-out clause so they could collect more data relevant to the browser's usage," reports Bleeping Computer. "In a Google Groups discussion that's been taking place since Monday, Mozilla engineers cite the lack of usable data the Foundation is currently receiving via its data collection program. The problem is that Firefox collects data from a very small fraction of its userbase, and this data may not be representative of the browser's real usage." Mozilla would like to fix this by flipping everyone's telemetry setting to enabled and adding an opt-out clause. Engineers also plan to embed Google's RAPPAR project [1, 2] for anonymous data collection.

An anonymous reader quotes a report from Help Net Security: More and more shopping websites accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them -- even if they are using blockchain anonymity techniques such as CoinJoin. Independent researcher Dillon Reisman and Steven Goldfeder, Harry Kalodner and Arvind Narayanan from Princeton University have demonstrated that third-party online tracking provides enough information to identify a transaction on the blockchain, link it to the user's cookie and, ultimately, to the user's real identity. "Based on tracking cookies, the transaction can be linked to the user's activities across the web. And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions," they noted. "We show that a small amount of additional information, namely that two (or more) transactions were made by the same entity, is sufficient to undo the effect of mixing. While such auxiliary information is available to many potential entities -- merchants, other counterparties such as websites that accept donations, intermediaries such as payment processors, and potentially network eavesdroppers -- web trackers are in the ideal position to carry out this attack," they pointed out.

New submitter cccc828 writes: In a new paper Norbert Blum tackles the P=NP question and finds them to be not equal. While this is exciting news (for theoretical computer scientists at least), remember that there is a long list of findings pointing either way.

An anonymous reader quotes a report from Bleeping Computer: A team of eight researchers has discovered that by altering street signs, an adversary could confuse self-driving cars and cause their machine-learning systems to misclassify signs and take wrong decisions, potentially putting the lives of passengers in danger. The idea behind this research is that an attacker could (1) print an entirely new poster and overlay it over an existing sign, or (2) attach smaller stickers on a legitimate sign in order to fool the self-driving car into thinking it's looking at another type of street sign. While scenario (1) will trick even human observers and there's little chance of stopping it, scenario (2) looks like an ordinary street sign defacement and will likely affect only self-driving vehicles. Experiments showed that simple stickers posted on top of a Stop sign fooled a self-driving car's machine learning system into misclassifying it as a Speed Limit 45 sign from 67% to 100% of all cases. Similarly, gray graffiti stickers on a Right Turn sign tricked the self-driving car into thinking it was looking at a Stop sign. Researchers say that authorities can fight such potential threats to self-driving car passengers by using an anti-stick material for street signs. In addition, car vendors should also take into account contextual information for their machine learning systems. For example, there's no reason to have a certain sign on certain roads (Stop sign on an interstate highway).

Quantum particles have a unique ability to travel in the opposite direction from their momentum. Or, as slew (Slashdot reader #2,918) puts it, "When pushed, quantum particles can fight back." slew writes: Who knew quantum particles were passive aggressive? It's subtle, but researchers "have shown that 'backflow' can always occur, even if a force is acting on the quantum particle while it travels. The backflow effect is the result of wave-particle duality and the probabilistic nature of quantum mechanics..."

Dr Daniela Cadamuro, Researcher at the Technical University of Munich, said "The backflow effect in quantum mechanics has been known for quite a while, but it has always been discussed in regards to 'free' quantum particles, i.e., no external forces are acting on the particle."

Quantum particles have a unique ability to travel in the opposite direction from their momentum. Or, as slew (Slashdot reader #2,918) puts it, "When pushed, quantum particles can fight back." slew writes: Who knew quantum particles were passive aggressive? It's subtle, but researchers "have shown that 'backflow' can always occur, even if a force is acting on the quantum particle while it travels. The backflow effect is the result of wave-particle duality and the probabilistic nature of quantum mechanics..."

Dr Daniela Cadamuro, Researcher at the Technical University of Munich, said "The backflow effect in quantum mechanics has been known for quite a while, but it has always been discussed in regards to 'free' quantum particles, i.e., no external forces are acting on the particle."

"Researchers at Facebook realized their bots were chattering in a new language," writes Fast Company's Co.Design. "Then they stopped it." An anonymous reader summarizes their report: Facebook -- as well as Microsoft, Google, Amazon, and Apple -- said they were more interested in AI's that could talk to humans. But when two of Facebook's AI bots negotiated with each other "There was no reward to sticking to English language," says Dhruv Batra, visiting research scientist from Georgia Tech at Facebook AI Research (FAIR). Co.Design writes that the AI software simply, "learned, and evolved," adding that the creation of new languages is a phenomenon Facebook "has observed again, and again, and again". And this, of course, is problematic.

"Should we allow AI to evolve its dialects for specific tasks that involve speaking to other AIs? To essentially gossip out of our earshot? Maybe; it offers us the possibility of a more interoperable world, a more perfect place where iPhones talk to refrigerators that talk to your car without a second thought. The tradeoff is that we, as humanity, would have no clue what those machines were actually saying to one another."
One of the researchers believes that that's definitely going in the wrong direction. "We already don't generally understand how complex AIs think because we can't really see inside their thought process. Adding AI-to-AI conversations to this scenario would only make that problem worse."

"Researchers at Facebook realized their bots were chattering in a new language," writes Fast Company's Co.Design. "Then they stopped it." An anonymous reader summarizes their report: Facebook -- as well as Microsoft, Google, Amazon, and Apple -- said they were more interested in AI's that could talk to humans. But when two of Facebook's AI bots negotiated with each other "There was no reward to sticking to English language," says Dhruv Batra, visiting research scientist from Georgia Tech at Facebook AI Research (FAIR). Co.Design writes that the AI software simply, "learned, and evolved," adding that the creation of new languages is a phenomenon Facebook "has observed again, and again, and again". And this, of course, is problematic.

"Should we allow AI to evolve its dialects for specific tasks that involve speaking to other AIs? To essentially gossip out of our earshot? Maybe; it offers us the possibility of a more interoperable world, a more perfect place where iPhones talk to refrigerators that talk to your car without a second thought. The tradeoff is that we, as humanity, would have no clue what those machines were actually saying to one another."
One of the researchers believes that that's definitely going in the wrong direction. "We already don't generally understand how complex AIs think because we can't really see inside their thought process. Adding AI-to-AI conversations to this scenario would only make that problem worse."

"Researchers at Facebook realized their bots were chattering in a new language," writes Fast Company's Co.Design. "Then they stopped it." An anonymous reader summarizes their report: Facebook -- as well as Microsoft, Google, Amazon, and Apple -- said they were more interested in AI's that could talk to humans. But when two of Facebook's AI bots negotiated with each other "There was no reward to sticking to English language," says Dhruv Batra, visiting research scientist from Georgia Tech at Facebook AI Research (FAIR). Co.Design writes that the AI software simply, "learned, and evolved," adding that the creation of new languages is a phenomenon Facebook "has observed again, and again, and again". And this, of course, is problematic.

"Should we allow AI to evolve its dialects for specific tasks that involve speaking to other AIs? To essentially gossip out of our earshot? Maybe; it offers us the possibility of a more interoperable world, a more perfect place where iPhones talk to refrigerators that talk to your car without a second thought. The tradeoff is that we, as humanity, would have no clue what those machines were actually saying to one another."
One of the researchers believes that that's definitely going in the wrong direction. "We already don't generally understand how complex AIs think because we can't really see inside their thought process. Adding AI-to-AI conversations to this scenario would only make that problem worse."

schwit1 quotes Futurity: The plane of our solar system is warped in the outer reaches of the Kuiper Belt, suggesting the presence of an unknown Mars-to-Earth-mass planetary object far beyond Pluto -- but much closer than Planet Nine. An unknown, unseen "planetary mass object" may lurk in the outer reaches of our solar system, according to new research on the orbits of minor planets.

The object would be different from -- and much closer than -- the so-called Planet Nine, a planet whose existence has yet to be confirmed... "The most likely explanation for our results is that there is some unseen mass," says Kat Volk, a postdoctoral fellow at the University of Arizona's Lunar and Planetary Laboratory and lead author of the study in the Astronomical Journal. "According to our calculations, something as massive as Mars would be needed to cause the warp that we measured."

Dthief shares a report from New Scientist: Now and then, a painter like Claude Monet or Pablo Picasso comes along and turns the art world on its head. They invent new aesthetic styles, forging movements such as impressionism or abstract expressionism. But could the next big shake-up be the work of a machine? An artificial intelligence has been developed that produces images in unconventional styles -- and much of its output has already been given the thumbs up by members of the public. The team [of researchers] modified a type of algorithm known as a generative adversarial network (GAN), in which two neural nets play off against each other to get better and better results. One creates a solution, the other judges it -- and the algorithm loops back and forth until the desired result is reached. In the art AI, one of these roles is played by a generator network, which creates images. The other is played by a discriminator network, which was trained on 81,500 paintings to tell the difference between images we would class as artworks and those we wouldn't -- such as a photo or diagram, say. The discriminator was also trained to distinguish different styles of art, such as rococo or cubism. The clever twist is that the generator is primed to produce an image that the discriminator recognizes as art, but which does not fall into any of the existing styles.

InfiniteZero shares a report from Phys.Org: Did our sun have a twin when it was born 4.5 billion years ago? Almost certainly yes -- though not an identical twin. And so did every other sun-like star in the universe, according to a new analysis by a theoretical physicist from UC Berkeley and a radio astronomer from the Smithsonian Astrophysical Observatory at Harvard University. The new assertion is based on a radio survey of a giant molecular cloud filled with recently formed stars in the constellation Perseus, and a mathematical model that can explain the Perseus observations only if all sunlike stars are born with a companion. "We ran a series of statistical models to see if we could account for the relative populations of young single stars and binaries of all separations in the Perseus molecular cloud, and the only model that could reproduce the data was one in which all stars form initially as wide (more than 500 astronomical units) binaries," said co-author Steven Stahler, a UC Berkeley research astronomer. "These systems then either shrink or break apart within a million years." The study has been published in April on the arXiv server.

An anonymous reader writes: Researchers from the Ben-Gurion University of the Negev in Israel have developed malware that when installed on a router or a switch can take control over the device's LEDs and use them to transmit data in a binary format to a nearby attacker, who can capture it using simple video recording equipment. The attack is similar to the LED-it-GO attack developed by the same team, which uses a hard drive's blinking LED to steal data from air-gapped computers. Because routers and switches have many more LEDs than a hard drive, this attack scenario is much more efficient, as it can transmit data at about the same speed, but multiplied by the number of ports/LEDs. Researchers say they were able to steal data by 1000 bits/ per LED, making this the most efficient attack known to date. The attack worked best when coupled with optical sensors, which are capable of sampling LED signals at high rates, enabling data reception at a higher bandwidth than other typical video recording equipment. A video of the attack is available here.

An anonymous reader shares an article: A new neural network being built by a Danish startup called UIzard Technologies IVS has created an application that can transform raw designs of graphical user interfaces into actual source code that can be used to build them. Company founder Tony Beltramelli has just published a research paper that reveals how it has achieved that. It uses cutting-edge machine learning technologies to create a neural network that can generate code automatically when it's fed with screenshots of a GUI. The Pix2Code model actually outperforms many human coders because it can create code for three separate platforms, including Android, iOS and "web-based technologies," whereas many programmers are only able to do so for one platform. Pix2Code can create GUIs from screenshots with an accuracy of 77 percent, but that will improve as the algorithm learns more, the founder said.

Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker... "Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested," the researchers noted. [PDF]
In addition, the article notes, "Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard."

sciencehabit quotes a report from Science Magazine: Astronomers and alien life enthusiasts alike are buzzing over the sudden dimming of an otherwise unremarkable star 1300 light-years away in the constellation Cygnus. KIC 8462852 or "Tabby's star" has dimmed like this several times before, prompting some researchers to suggest that the megastructures of an advanced alien civilization might be blocking its light. And now -- based on new data from numerous telescopes -- it's doing it again. "This is the first clear dip we have seen since [2013], and the first we have ever caught in real time," says Jason Wright, an astronomer at Pennsylvania State University in State College. If they can rope in more telescopes, astronomers hope to gather enough data to finally figure out what's going on. "This could be the first of several dips about to come," says astronomer David Kipping of Columbia University. "Many observers will be closely watching." KIC 8462852 was first noticed to be dipping in brightness at seemingly random intervals between 2011 and 2013 by NASA's Kepler telescope. Kepler, launched to observe the stellar dimmings caused when an exoplanet passes in front of its star, revealed that the dimming of Tabby's star was much more erratic than a typical planetary transit. It was also more extreme, with its brightness sometimes dropping by as much as 20%. This was not the passage of a small circular planet, but of something much larger and more irregular.

New submitter LCooke writes: A international research team led by the University of Durham thinks a mysterious cold spot in the universe could offer evidence of a parallel universe. The cold spot could have resulted after our universe collided with another. Physicist Tom Shanks said, [...] "the cold spot might be taken as the first evidence for the multiverse -- and billions of other universes may exist like our own." From the report via Inhabitat: "NASA first discovered the baffling cold spot in 2004. The cold spot is 1.8 billion light years across and, as you may have guessed, colder than what surrounds it in the universe. Scientists thought perhaps it was colder because it had 10,000 less galaxies than other regions of similar size. They even thought perhaps the cold spot was just a trick of the light. But now an international team of researchers think perhaps the cold spot could actually offer evidence for the concept of a multiverse. The Guardian explains an infinite number of universes make up a multiverse; each having its own reality different from ours. These scientists say they've ruled out the last-ditch optical illusion idea. Instead, they think our universe may have collided with another in what News.com.au described as something like a car crash; the impact could have pushed energy away from an area of space to result in the cold spot." The study has been published in the journal Monthly Notices of the Royal Astronomical Society.

sciencehabit quotes a report from Science Magazine: Your wireless router may be giving you away in a manner you never dreamed of. For the first time, physicists have used radio waves from a Wi-Fi transmitter to encode a 3D image of a real object in a hologram similar to the image of Princess Leia projected by R2D2 in the movie Star Wars. In principle, the technique could enable outsiders to "see" the inside of a room using only the Wi-Fi signals leaking out of it, although some researchers say such spying may be easier said than done. Their experiment relies on none of the billions of digital bits of information encoded in Wi-Fi signals, just the fact that the signals are clean, "coherent" waves. However, instead of recording the key interference pattern on a photographic plate, the researchers record it with a Wi-Fi receiver and reconstruct the object in a computer. They placed a Wi-Fi transmitter in a room, 0.9 meters behind the cross. Then they placed a standard Wi-Fi receiver 1.4 meters in front of the cross and moved it slowly back and forth to map out a "virtual screen" that substituted for the photographic plate. Also, instead of having a separate reference beam coming straight to the screen, they placed a second, stationary receiver a few meters away, where it had a direct view of the emitter. For each point on the virtual screen, the researchers compared the signals arriving simultaneously at both receivers, and made a hologram by mapping the delays caused by the aluminum cross. The virtual hologram isn't exactly like a traditional one, as researchers can't recover the image of the object by shining more radio waves on it. Instead, the scientists used the computer to run the radio waves backward in time from the screen to the distance where wave fronts hit the object. The cross then popped out.

An anonymous reader quotes Help Net Security: Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The researchers identified popular tutorials by inputting search terms such as "mysql tutorial", "php search form", "javascript echo user input", etc. into Google Search. The first five results for each query were then manually reviewed and evaluated for SQLi and XSS vulnerabilities by following the Open Web Application Security Project's Guidelines. This resulted in the discovery of 9 tutorials containing vulnerable code (6 with SQLi, 3 with XSS).
The researchers then checked for the code in GitHub repositories, and concluded that "there is a substantial, if not causal, link between insecure tutorials and web application vulnerabilities." Their paper is titled "Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery."

RockDoctor writes: A recent proposition to launch probes to other star systems driven by lasers which remain in the Solar system has garnered considerable attention. But recently published work suggests that there are unexpected complexities to the system. One would think that the closest star systems would be the easiest to reach. But unless you are content with a fly-by examination of the star system, with much reduced science returns, you will need to decelerate the probe at the far end, without any infrastructure to assist with the braking. By combining both light-pressure braking and gravitational slingshots, a team of German, French and Chilean astronomers discover that the brightness of the destination star can significantly increase deceleration, and thus travel time (because higher flight velocities can be used). Slingshotting around a companion star to lengthen deceleration times can help shed flight velocity to allow capture into a stable orbit. The 4.37 light year distant binary stars Alpha Centauri A and B could be reached in 75 years from Earth. Covering the 0.24 light year distance to Proxima Centauri depends on arriving at the correct relative orientations of Alpha Centauri A and B in their mutual 80 year orbit for the sling shot to work. Without a companion star, Proxima Centauri can only absorb a final leg velocity of about 1280km/s, so that leg of the trip would take an additional 46 years. Using the same performance characteristics for the light sail, the corresponding duration for an approach to the Sirius system, almost twice as far away (8.58 lightyears), is a mere 68.9 years, making it (and it's white dwarf companion) possibly a more attractive target. Of course, none of this addresses the question of how to get any data from there to here. Or, indeed, how to manage a project that will last longer than a working lifetime. There are also issues of aiming -- the motion of the Alpha Centauri system isn't well-enough known at the moment to achieve the precise maneuvering needed without course corrections (and so, data transmission from there to here) en route.

Researchers recently surveyed 2,200 software developers to calculate the distribution of unhappiness throughout the profession, and to identify its top causes, "incorporating a psychometrically validated instrument for measuring (un)happiness." An anonymous reader quotes Motherboard: Daniel Graziotin and his team found their survey subjects via GitHub. Contact information was found by mining archived data for past public GitHub events, where email addresses are apparently more plentiful. They wound up with 33,200 records containing developer locations, contact information, and employers. They took a random sampling from this dataset and wound up with about 1,300 valid survey responses... According to survey results released earlier this month, software developers are on average a "slightly happy" group of workers...

Survey responses were scored according to the SPANE-B metric, a standard tool used in psychology to assess "affect," defined as total negative feelings subtracted from total positive feelings. It ranges from -24 to 24. The mean score found in the developer happiness survey was 9.05. Slightly happy. The minimum was -16, while the maximum was 24. So, even in the worst cases, employees weren't totally miserable, whereas in the best cases employees weren't miserable at all.
The paper -- titled "On the Unhappiness of Software Developers" -- found that the top cause of unhappiness was being stuck while solving a problem, followed by "time pressure," bad code quality/coding practices, and "under-performing colleague."

And since happiness has been linked to productivity, the researchers write that "Our results, which are available as open data, can act as guidelines for practitioners in management positions and developers in general for fostering happiness on the job...unhappiness is present, caused by various factors and some of them could easily be prevented."

"It was a spark in the night. A flash of X-rays from a galaxy hovering nearly invisibly on the edge of infinity. Astronomers say they do not know what caused it." Slashdot reader schwit1 quotes the New York Times: The orbiting Chandra X-ray Observatory, was in the midst of a 75-day survey of a patch of sky known as the Chandra Deep Field-South, when it recorded the burst from a formerly quiescent spot in the cosmos. For a few brief hours on Oct 1, 2014, the X-rays were a thousand times brighter than all the light from its home galaxy, a dwarf unremarkable speck almost 11 billion light years from here, in the constellation Fornax. Then whatever had gone bump in the night was over and the X-rays died.

The event as observed does not fit any known phenomena, according to Franz Bauer, an astronomer at Pontifical Catholic University of Chile, and lead author of a report to be published in Science.
He described some possible explanation in a blog post this week -- for example, a star being torn apart by a black hole, or the afterglow from a gamma ray burst seen sideways -- but the spectrum readings aren't a match, according to the Times. "None of the usual cosmic catastrophe suspects work."

An anonymous reader writes: "Scientists from two Israeli universities have come up with a way to use flatbed scanners as relay points when sending commands to malware installed on an air-gapped computer," reports BleepingComputer. "Further research also revealed the scanner could also be used to relay stolen data to a nearby attacker. The technique they came up with revolves around the idea that a beam of light could be interpreted as a binary 1 and the lack of visual stimulant can be considered a binary 0."

The attacks can be carried out with lasers mounted on drones, on fixed stands, or by hacking smart light bulbs present near the targeted computer. Attack distances can go up to 900 meters (0.56 miles). During their tests, researchers sent various commands to the PC, such as "d x.pdf" (delete file x.pdf) and "en q" (encrypt folder q). Relaying such commands took between 50 to 100 milliseconds. This research was done by the same team that created methods to steal data from PCs using a hard drive's LED, fan heat, sounds emanated by a computer's GPU fan, electromagnetic signals given out by the GPU, and electromagnetic signals given out by an USB bus.
Here's a PDF of the report, which is titled "Oops!...I think I scanned a malware."

boley1 quotes a report from New Atlas: According to the Lambda Cold Dark Matter (Lambda-CDM) model, which is the current accepted standard for how the universe began and evolved, the ordinary matter we encounter every day only makes up around five percent of the universe's density, with dark matter comprising 27 percent, and the remaining 68 percent made up of dark energy, a so-far theoretical force driving the expansion of the universe. A new study has questioned whether dark energy exists at all, citing computer simulations that found that by accounting for the changing structure of the cosmos, the gap in the theory, which dark energy was proposed to fill, vanishes. According to the new study from Eotvos Lorand University in Hungary and the University of Hawaii, the discrepancy that dark energy was "invented" to fill might have arisen from the parts of the theory that were glossed over for the sake of simplicity. The researchers set up a computer simulation of how the universe formed, based on its large-scale structure. That structure apparently takes the form of "foam," where galaxies are found on the thin walls of each bubble, but large pockets in the middle are mostly devoid of both normal and dark matter. The team simulated how gravity would affect matter in this structure and found that, rather than the universe expanding in a smooth, uniform manner, different parts of it would expand at different rates. Importantly, though, the overall average rate of expansion is still consistent with observations, and points to accelerated expansion. The end result is what the team calls the Avera model. If the research stands up to scrutiny, it could change the direction of the study of physics away from chasing the ghost of dark energy. "The theory of general relativity is fundamental in understanding the way the universe evolves," says Dr Laszlo Dobos, co-author of the new paper. "We do not question its validity; we question the validity of the approximate solutions. Our findings rely on a mathematical conjecture which permits the differential expansion of space, consistent with general relativity, and they show how the formation of complex structures of matter affects the expansion. These issues were previously swept under the rug but taking them into account can explain the acceleration without the need for dark energy." The study has been published in the Monthly Notices of the Royal Astronomical Society. You can view an animation that compares the different models here.

schwit1 writes: Astronomers have spotted a star whizzing around a vast black hole at about 2.5 times the distance between Earth and the Moon, and it takes only half an hour to complete one orbit. To put that into perspective, it takes roughly 28 days for our Moon to do a single lap around our relatively tiny planet at speeds of 3,683 km(2,288 miles) per hour. Using data from an array of deep space telescopes, a team of astronomers have measured the X-rays pouring from a binary star system called 47 Tuc X9, which sits in a cluster of stars about 14,800 light-years away. The pair of stars aren't new to astronomers -- they were identified as a binary system way back in 1989 -- but it's now finally becoming clear what's actually going on here. When a white dwarf pulls material from another star, the system is described as a cataclysmic variable star. But back in 2015, one of the objects was found to be a black hole, throwing that hypothesis into serious doubt. Data from Chandra has confirmed large amounts of oxygen in the pair's neighborhood, which is commonly associated with white dwarf stars. But instead of a white dwarf ripping apart another star, it now seems to be a black hole stripping the gases from a white dwarf. The real exciting news, however, is regular changes in the X-rays' intensity suggest this white dwarf takes just 28 minutes to complete an orbit, making it the current champion of cataclysmic dirty dancers. To put it in perspective, the distance between the two objects in X9 is about 1 million kilometers (about 600,000 miles), or about 2.5 times the distance from here to the Moon. Crunching the numbers, that's a journey of roughly 6.3 million kilometers (about 4 million miles) in half an hour, giving us a speed of 12,600,000 km/hr (8,000,000 miles/hr) - about 1 percent of the speed of light.

BrianFagioli writes: Today, Google released yet another open source project. Called "Guetzli," it is a JPEG encoder that aims to produce even smaller image file sizes. In fact, the search giant claims a whopping 35 percent improvement over existing JPEG compression. If you are wondering why smaller file sizes are important, it is quite simple -- the web. If websites can embed smaller images, users can experience faster load times while using less data. While Google didn't aim to improve JPEG image quality with Guetzli, it seems it has arguably done so. It is subjective, but the search giant surveyed human beings and found they preferred Google's open source offering 75 percent of the time. Smaller file sizes and better image quality? Wow! Google has done something amazing here.

A team of researchers claim they can identify Twitter account activity that's posted by bots through their new web portal -- "Bot or Not?" -- leveraging "more than a thousand features extracted from public data and meta-data." And it turns out there are a lot of bots. An anonymous reader writes: "A study released by the University of Southern California reports that roughly nine to 15 percent of Twitter accounts...are so-called bots controlled by software instead of humans," according to CBS News. "Twitter boasts 319 monthly active users meaning that this recent revelation equates to nearly 48 million bot accounts, according the university's high-end figure." CNBC adds that "The research could be troubling news for Twitter, which has struggled to grow its user base in the face of growing competition from Facebook, Instagram, Snapchat and others." In a 2014 SEC filing Twitter admitted that between 5 and 8% of their users were bots.
Twitter's response to this new report? "Many bot accounts are extremely beneficial, like those that automatically alert people of natural disasters ... or from customer service points of view."

New submitter cryptizard writes: Modern Android and iOS versions include a technology called MAC address randomization to prevent passive tracking of users as they move from location to location. Unfortunately, researchers have revealed that this technology is implemented sporadically by device manufacturers and is often deployed with significant flaws that allow it to be easily defeated. A research paper [published by U.S. Naval Academy researchers] highlights a number of flaws in both Android and iOS that allow an adversary to track users even when their phones are using randomized MAC addresses. Most significantly, they demonstrate that a flaw in the way wireless chipsets handle low-level control messages can be exploited to track 100% of devices, regardless of manufacturer or operating system.

Researchers used machine learning to analyze every single comment left on Wikipedia in 2015. An anonymous reader shares their results: 34 "highly toxic users" were responsible for 9% of all the personal attacks in the comments on Wikipedia, according to a research team from Alphabet's Jigsaw and the Wikimedia Foundation. They concluded that "significant progress could be made by moderating a relatively small number of frequent attackers." But at the same time, in Wikipedia's comments "less than half of attacks come from users with little prior participation; and perhaps surprisingly, approximately 30% of attacks come from registered users with over a 100 contributions. These results suggest the problems associated with personal attacks do not have an easy solution... the majority of personal attacks on Wikipedia are not the result of a few malicious users, nor primarily the consequence of allowing anonymous contributions."

The researchers "developed a machine learning algorithm that was able to identify and distinguish different forms of online abuse and personal attacks," reports Bleeping Computer, adding that the team "hopes that Wikipedia uses their study to build a comments monitoring dashboard that could track down hotspots of abusive personal attacks and help moderators ban or block toxic users." The paper describes it as a method "that combines crowdsourcing and machine learning to analyze personal attacks at scale."

An anonymous reader quotes a report from USA Today: A massive black hole devoured a star over a 10 year period, setting a new record for the longest space meal ever observed, according to new research. Researchers spotted the ravenous black hole with NASA's Chandra X-ray Observatory and Swift satellite as well as ESA's XMM-Newton, according to a statement from NASA. When objects like stars get too close to black holes, the intense gravity of the black hole can rip the star apart in what's called a tidal disruption event (TDE), according to NASA. While some of the debris from the star is flung forward, parts of it are pulled back and ingested by the black hole, where it heats up and emits an X-ray flare, NASA said in a statement. The tidal disruption event spotted by the trio of X-ray telescopes, is unlike anything researchers have ever seen, lasting ten times longer than any observed incident of star's death caused by a black hole, according to research published in Nature Astronomy Feb. 6. The black hole, dubbed XJ1500+0154, is located in a galaxy 1.8 billion light-years from Earth. Researchers first spotted it in 2005 and it reached peak brightness in 2008, according to the statement. According to NASA, researchers believe that the black hole may have consumed the most massive star ever completely torn apart during a TDE.

Google Brain has created new software that can create detailed images from tiny, pixelated images. If you've ever tried zooming in on an image, you know that it generally becomes more blurry. You'd just get larger pixels and not a clear image. Google's new software effectively extracts details from a few source pixels to enhance pixelated images. Softpedia reports: For instance, Google Brain presented some 8x8 pixel images which it then turned into some pretty clear photos where you can actually tell facial features apart. What is this sorcery, you ask? Well, it's Google combining two neural networks. The first one, the conditioning network, works to map the 8x8 pixel source image against other high-resolution images. Basically, it downsizes other high-res images to the same 8x8 size and tries to make a match on the features. Then, the second network comes into play, called the prior network. This one uses an implementation of PixelCNN to add realistic, high-res details to that 8x8 source image. If the networks know that one particular pixel could be an eye, when you zoom in, you'll see the shape of an eye there. Or an eyebrow, or a mouth, for instance. The technology was put to the test and it was quite successful against humans. Human observers were shown a high-resolution celebrity face vs. the upscaled image resulted from Google Brain. Ten percent of the time, they were fooled. When it comes to the bedroom images used by Google for the testing, 28 percent of humans were fooled by the computed image.

Three researchers "decided to scan the entire IPv4 address range every 15 minutes between 2006-2012 to work out what insights they could gain from humanity's mass connection to the internet," reports ITnews. The study...analysed data from 411 large regions from middle to high-income countries and found a positive correlation between GDP per capita and the number of IP addresses per head. A 10% increase in IP addresses per capita was associated with an 0.8% hike in GDP, the analysis found. The researchers cautioned that the output and productivity growth they noted when the number of IP address increased was correlation rather than causation. Service-oriented sectors -- such as publishing, news, film production, administrative support, and education -- appear to have suffered a negative effect from increasing internet penetration [PDF]. The researchers believe these sectors were susceptible to competition from cheaper outsourcing providers.
Slashdot Bismillah pointed out that the researchers also measured sleeping patterns over seven years, assuming IP addresses of internet-connected devices generally correlated to people who were awake. According to the article, "They found that sleep patterns may be changing and converging around the world: Europeans slept less, East Asians more, while Americans' sleeping patterns remained static over the seven-year period."

The discovery of "non-equilibrium matter" could re-write the rules of physics. Long-time Slashdot reader jasonbrown quotes ScienceAlert: For months now, there's been speculation that researchers might have finally created time crystals — strange crystals that have an atomic structure that repeats not just in space, but in time, putting them in perpetual motion without energy. Now it's official — researchers have just reported in detail how to make and measure these bizarre crystals. And two independent teams of scientists claim they've actually created time crystals in the lab based off this blueprint, confirming the existence of an entirely new form of matter.
Both teams -- one at Harvard and the other at the University of Maryland -- have submitted their findings to peer-reviewed publications, according to the article, and "the fact that two separate teams have used the same blueprint to make time crystals out of vastly different systems is promising."

The discovery of "non-equilibrium matter" could re-write the rules of physics. Long-time Slashdot reader jasonbrown quotes ScienceAlert: For months now, there's been speculation that researchers might have finally created time crystals — strange crystals that have an atomic structure that repeats not just in space, but in time, putting them in perpetual motion without energy. Now it's official — researchers have just reported in detail how to make and measure these bizarre crystals. And two independent teams of scientists claim they've actually created time crystals in the lab based off this blueprint, confirming the existence of an entirely new form of matter.
Both teams -- one at Harvard and the other at the University of Maryland -- have submitted their findings to peer-reviewed publications, according to the article, and "the fact that two separate teams have used the same blueprint to make time crystals out of vastly different systems is promising."

mi writes: Turns out, there are researchers studying ways to identify bots on Twitter -- fake accounts used by individuals or groups for various purposes. They identified, what seems like a collection of 350,000 accounts, all of which share the same subtle characteristics: tweets coming from places where nobody lives; messages being posted only from Windows phones; exclusively including quotes from Star Wars novels. "Considering all the efforts already there in detecting bots, it is amazing that we can still find so many bots, much more than previous research," Dr Zhou, a senior lecturer from UCL, told the BBC. Juan Echeverria uncovered the massive networks by combing through a sample of 1% of Twitter users in order to get a better understanding of how people use the social network. He is now asking the public via a website and a Twitter account to report bots to get a better idea of how prevalent they are. Some bots are easy to spot as they likely have been created recently, have few followers, have strange usernames and little content in the messages.

An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory.

[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.

sciencehabit writes: There's an abundant new swath of cosmic real estate that life could call home -- and the views would be spectacular. Floating out by themselves in the Milky Way galaxy are perhaps a billion cold brown dwarfs, objects many times as massive as Jupiter but not big enough to ignite as a star. According to a new study, layers of their upper atmospheres sit at temperatures and pressures resembling those on Earth, and could host microbes that surf on thermal updrafts. The idea expands the concept of a habitable zone to include a vast population of worlds that had previously gone unconsidered. "You don't necessarily need to have a terrestrial planet with a surface," says Jack Yates, a planetary scientist at the University of Edinburgh in the United Kingdom, who led the study. Atmospheric life isn't just for the birds. For decades, biologists have known about microbes that drift in the winds high above Earth's surface. And in 1976, Carl Sagan envisioned the kind of ecosystem that could evolve in the upper layers of Jupiter, fueled by sunlight. You could have sky plankton: small organisms he called "sinkers." Other organisms could be balloonlike "floaters," which would rise and fall in the atmosphere by manipulating their body pressure. In the years since, astronomers have also considered the prospects of microbes in the carbon dioxide atmosphere above Venus's inhospitable surface. Yates and his colleagues set out to update Sagan's calculations and to identify the sizes, densities, and life strategies of microbes that could manage to stay aloft in the habitable region of an enormous atmosphere of predominantly hydrogen gas. On such a world, small sinkers like the microbes in Earth's atmosphere or even smaller would have a better chance than Sagan's floaters, the researchers will report in an upcoming issue of The Astrophysical Journal. But a lot depends on the weather: If upwelling winds are powerful on free-floating brown dwarfs, as seems to be true in the bands of gas giants like Jupiter and Saturn, heavier creatures can carve out a niche. In the absence of sunlight, they could feed on chemical nutrients. Observations of cold brown dwarf atmospheres reveal most of the ingredients Earth life depends on: carbon, hydrogen, nitrogen, and oxygen, though perhaps not phosphorous.

As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.