Skip to content
  • Home Home Home, current page.
  • Moments Moments Moments, current page.

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @
  • Language: English
    • Bahasa Indonesia
    • Bahasa Melayu
    • Català
    • Čeština
    • Dansk
    • Deutsch
    • English UK
    • Español
    • Filipino
    • Français
    • Hrvatski
    • Italiano
    • Magyar
    • Nederlands
    • Norsk
    • Polski
    • Português
    • Română
    • Slovenčina
    • Suomi
    • Svenska
    • Tiếng Việt
    • Türkçe
    • Ελληνικά
    • Български език
    • Русский
    • Српски
    • Українська мова
    • עִבְרִית
    • العربية
    • فارسی
    • मराठी
    • हिन्दी
    • বাংলা
    • ગુજરાતી
    • தமிழ்
    • ಕನ್ನಡ
    • ภาษาไทย
    • 한국어
    • 日本語
    • 简体中文
    • 繁體中文
  • Have an account? Log in
    Have an account?
    · Forgot password?

    New to Twitter?
    Sign up
adversariel's profile
Ariel Herbert-Voss
Ariel Herbert-Voss
Ariel Herbert-Voss
@adversariel

Tweets

Ariel Herbert-Voss

@adversariel

Adversarial machine learning and security, occasionally math and dumb memes. Research scientist @OpenAI / CS PhD @Harvard / cofounder @aivillage_dc @defcon

Cambridge & SF
Joined September 2013

Tweets

  • © 2022 Twitter
  • About
  • Help Center
  • Terms
  • Privacy policy
  • Cookies
  • Ads info
Dismiss
Previous
Next

Go to a person's profile

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @

Promote this Tweet

Block

  • Tweet with a location

    You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more

    Your lists

    Create a new list


    Under 100 characters, optional

    Privacy

    Copy link to Tweet

    Embed this Tweet

    Embed this Video

    Add this Tweet to your website by copying the code below. Learn more

    Add this video to your website by copying the code below. Learn more

    Hmm, there was a problem reaching the server.

    By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.

    Preview

    Why you're seeing this ad

    Log in to Twitter

    · Forgot password?
    Don't have an account? Sign up »

    Sign up for Twitter

    Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

    Sign up
    Have an account? Log in »

    Two-way (sending and receiving) short codes:

    Country Code For customers of
    United States 40404 (any)
    Canada 21212 (any)
    United Kingdom 86444 Vodafone, Orange, 3, O2
    Brazil 40404 Nextel, TIM
    Haiti 40404 Digicel, Voila
    Ireland 51210 Vodafone, O2
    India 53000 Bharti Airtel, Videocon, Reliance
    Indonesia 89887 AXIS, 3, Telkomsel, Indosat, XL Axiata
    Italy 4880804 Wind
    3424486444 Vodafone
    » See SMS short codes for other countries

    Confirmation

     

    Welcome home!

    This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.

    Tweets not working for you?

    Hover over the profile pic and click the Following button to unfollow any account.

    Say a lot with a little

    When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.

    Spread the word

    The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.

    Join the conversation

    Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.

    Learn the latest

    Get instant insight into what people are talking about now.

    Get more of what you love

    Follow more accounts to get instant updates about topics you care about.

    Find what's happening

    See the latest conversations about any topic instantly.

    Never miss a Moment

    Catch up instantly on the best stories happening as they unfold.

    1. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

      Ariel Herbert-Voss Retweeted KEENLAB

      Very cool work showing feasibility of an adversarial-example-based attack on self-driving cars 😈 I’ve been working on a similar hobby project and love how thorough this write-up is, and I have some comments on the real-world feasibility of these attacks:https://twitter.com/keen_lab/status/1111469579102912512 …

      Ariel Herbert-Voss added,

      KEENLAB @keen_lab
      Experimental Security Research of Tesla Autopilot: https://keenlab.tencent.com/en/2019/03/29/Tencent-Keen-Security-Lab-Experimental-Security-Research-of-Tesla-Autopilot/ …
      4 replies 45 retweets 120 likes
      Show this thread
    2. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

      They attack autowipers and lane-following through both digital and physical attacks. For digital they show you can inject adversarial examples onto GPU by hooking t_cuda_std_tmrc::compute. This is obviously much harder to accomplish IRL but absolutely worth considering

      1 reply 0 retweets 11 likes
      Show this thread
      Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

      They expertly demonstrate why you should never put a browser on the same network as CAN Bus :P You need physical access once and then can run the attack remote - also note that you can do the injection without root!pic.twitter.com/rQEbZtNJYg

      2:33 PM - 31 Mar 2019
      • 12 Retweets
      • 28 Likes
      • Chomba Bupe Julia Thompson 💚 Flameyyy HyperLink Matthew Wicker bryan owen orbatos JM Chen Boris Pixel 🦓 @ppxl@mastodon.social 🧐
      3 replies 12 retweets 28 likes
        1. New conversation
        2. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          Supposing every Tesla shows up on a tool like Shodan a network vuln means somebody can inject a noisy image impacting 400,000+ cars. If the noisy image fools even 0.01% of the cars the potential impact is still massive because every Tesla except the Roadster has autopilot...

          1 reply 0 retweets 11 likes
          Show this thread
        3. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          They target the autowipers with a Worley noise image on an electronic display. However they DON'T say how effectiveness changes with screen size/relative orientation -> big difference between feasibility of billboard ad attack vs display which must be right in front of windshield

          1 reply 1 retweet 8 likes
          Show this thread
        4. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          They target lane following by adding small white dots to an intersection to cause the car to go into the wrong lane. They acknowledge this attack is human-detectable in clear road conditions but I guarantee it can be obfuscated in icy conditions with carefully-placed sand/salt :Ppic.twitter.com/9GSAMaA4YB

          1 reply 1 retweet 7 likes
          Show this thread
        5. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          The downside is that bad weather makes the road messier and harder to orchestrate specific behavior without a lot of planning and intervention, increasing adversary operational risk. To me weather robustness is the bigger safety issue here

          1 reply 1 retweet 11 likes
          Show this thread
        6. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          Bad weather might inadvertently cause the system to perceive an adversarial-example-like attack, leading to similarly harmful outcomes. This needs to be explored more fully by autonomous car manufacturers as a point of general robustness rather than purely for security

          2 replies 1 retweet 14 likes
          Show this thread
        7. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          Keen Lab’s writeup offers a concrete example of security risks in AI/ML systems - ML researchers please take note that the threat model focuses more on system architecture than on adversarial examples themselves!

          2 replies 2 retweets 16 likes
          Show this thread
        8. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          This also fits nicely with the excellent paper by @jmgilmer @ryan_p_adams @goodfellow_ian et al about practical adversarial example threat models: https://arxiv.org/pdf/1807.06732.pdf …

          2 replies 0 retweets 11 likes
          Show this thread
        9. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          Also check out the excellent blog post by @catherineols from earlier this week about conflating unsolved research problems with real-world threat models: https://medium.com/@catherio/unsolved-research-problems-vs-real-world-threat-models-e270e256bc9e …

          1 reply 7 retweets 27 likes
          Show this thread
        10. Ariel Herbert-Voss‏ @adversariel 31 Mar 2019

          This thread keeps on giving - just remembered relevant work presented at NeurIPS SecML 2018 by @jhasomesh et al about needing to consider system specifications and semantics when developing robust ML for self-driving cars and other cyber-physical systemshttps://m.youtube.com/watch?v=_k2PBVZYLjE&feature=youtu.be …

          0 replies 0 retweets 8 likes
          Show this thread
        11. End of conversation
        1. slowsociopath‏ @sloddesol 1 Apr 2019
          Replying to @adversariel @thegrugq

          Well done thank you

          0 replies 0 retweets 0 likes
          Thanks. Twitter will use this to make your timeline better. Undo
          Undo

      Loading seems to be taking a while.

      Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

        Promoted Tweet

        false

        • © 2022 Twitter
        • About
        • Help Center
        • Terms
        • Privacy policy
        • Cookies
        • Ads info