Jonathan Evertz, Merlin Chlosta, Lea Schönherr, and Thorsten Eisenhofer
Whispers in the Machine: Confidentiality in LLM-integrated Systems
Thorsten Eisenhofer
ML & Computer Security
About Me
I am a postdoctoral researcher at TU Berlin where I work in the Machine Learning and Security group of Konrad Rieck. Before that, I completed my PhD at the Ruhr University Bochum in the Systems Security group of Thorsten Holz. During my PhD, I was a security researcher in the DFG Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries“ (CASA).
My research focus is on two fundamental aspects, machine learning and computer security, which I aim to investigate from a systems security perspective. By considering the learning algorithm as a part of a larger system, I study the increased attack surface of practical systems, but also analyze how such systems can be secured. I am further interested to investigate how learning-based approaches can be used to solve problems in computer security.
Along the way, I was interning in the SecLab at UC Santa Barbara working with Giovanni Vigna and Christopher Kruegel on symbolic execution and played with Shellphish at the DEF CON CTF finals in Las Vegas. More recently, I was visiting the Cleverhans Lab at the Vector Institute working with Nicolas Papernot on secure and trustworthy machine learning.
I obtained a B.Sc. in Computer Science from Paderborn University and a M.Sc. in Computer Security from Ruhr University Bochum. For my master studies, I was awarded best student in graduating class.
For questions, discussions or collaborations, feel free to reach out.
Publications
2024
Joel Frank, Franziska Herbert, Jonas Ricker, Lea Schönherr, Thorsten Eisenhofer, Asja Fischer, Markus Dürmuth, and Thorsten Holz
A Representative Study on Human Detection of Artificially Generated Media Across Countries
Symposium on Security and Privacy (S&P)
[pdf]
[preregistration]
[code]
2023
Thorsten Eisenhofer, Erwin Quiring, Jonas Möller, Doreen Riepel, Thorsten Holz, and Konrad Rieck
No more Reviewer #2: Subverting Automatic Paper-Reviewer Assignment using Adversarial Learning
USENIX Security Symposium
[pdf]
[slides]
[examples]
[code]
Hojjat Aghakhani, Lea Schönherr, Thorsten Eisenhofer, Dorothea Kolossa, Thorsten Holz, Christopher Kruegel, and Giovanni Vigna
VenoMave: Targeted Poisoning Against Speech Recognition
Conference on Secure and Trustworthy Machine Learning (SaTML)
[pdf]
[code]
Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz
Drone Security and the Mysterious Case of DJI's DroneID
Network and Distributed System Security Symposium (NDSS)
[pdf]
[code]
David Pape, Sina Däubener, Thorsten Eisenhofer, Antonio Emanuele Cinà, and Lea Schönherr
On the Limitations of Model Stealing with Uncertainty Quantification Models
European Symposium on Artificial Neural Networks, Computational Intelligence and Machine Learning (ESANN)
[pdf]
2022
Thorsten Eisenhofer, Doreen Riepel, Varun Chandrasekaran, Esha Ghosh, Olga Ohrimenko, and Nicolas Papernot
Roei Schuster, Jin Peng Zhou, Thorsten Eisenhofer, Paul Grubbs, and Nicolas Papernot
Computing Research Repository (CoRR)
[pdf]
Michel Abdalla, Thorsten Eisenhofer, Eike Kiltz, Sabrina Kunzweiler, and Doreen Riepel
Password-Authenticated Key Exchange from Group Actions
Annual International Cryptology Conference (CRYPTO)
[pdf]
Lea Schönherr, Maximilian Golla, Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz
2021
Thorsten Eisenhofer, Lea Schönherr, Joel Frank, Lars Speckemeier, Dorothea Kolossa, and Thorsten Holz
2020
Joel Frank, Thorsten Eisenhofer, Lea Schönherr, Asja Fischer, Dorothea Kolossa, and Thorsten Holz
Leveraging Frequency Analysis for Deep Fake Image Recognition
International Conference on Machine Learning (ICML)
[pdf]
[slides]
[code]
Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, and Dorothea Kolossa
Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems
Annual Computer Security Applications Conference (ACSAC)
[pdf]
[talk]
[examples]
Selected Talks
Machine Learning and Security, Lecture series “Machine Learning in Science & Industry”, TU Berlin, 2024
Subverting Automatic Paper-Reviewer Assignment, Conference talk, USENIX Security, 2023
Security of Machine Learning Systems, Defense, Ruhr University Bochum, 2023
Communicating Research, Panel discussion, Ruhr University Bochum, 2023
Adversarially Robust Speech Recognition, Spotlight presentation, CASA Retreat, 2021
Taming Audio Adversarial Examples, Conference talk, USENIX Security, 2021
Teaching
Instructor
Privacy and Security in Learning, TU Berlin
Master・Seminar・Summer 2024Security Playground for Generative Agents, TU Berlin
Master・Hands-on class・Summer 2024ML & Computer Security, Ruhr University Bochum
Master・Hands-on class・Winter 2021/22ML & Computer Security, Ruhr University Bochum
Master・Hands-on class・Summer 2021ML & Computer Security, Ruhr University Bochum
Master・Hands-on class・Winter 2020/21
Teaching Assistant
System Security, Saarland University
Bachelor・Lecture・Summer 2021System Security, Ruhr University Bochum
Bachelor・Lecture・Summer 2020Operating System Security, Ruhr University Bochum
Master・Lecture・Winter 2019/20System Security, Ruhr University Bochum
Bachelor・Lecture・Summer 2019
News Coverage
Drone Security
Ruhr University Bochum: «Security vulnerabilities detected in drones made by DJI» (EN)
WIRED: «This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location» (EN)
EurekAlert!: «Security vulnerabilities detected in drones made by DJI» (EN)
Golem.de: «DJI-Drohnen verraten Standort des Piloten» (DE)
Caschys Blog: «NDSS: DroneID von DJI kann leicht durch Angreifer gekapert werden» (DE)
hackster.io: «Researchers Release a Tool for Geolocating Commercial Drones and Their...» (EN)
sUAS News: «DIY DJI Aeroscope to find drone operator locations» (EN)
News8Plus: «Security vulnerabilities detected in drones made by DJI» (EN)
大疆.COM: «德国研究人员发现大疆四款无人机存安全漏洞» (CN)
Born's Tech and Windows World: «Security: DJI drones and it's AeroScope vulnerabilities» (EN)
System Weakness: «Annoying Drone Near You? Fuzz It, Find the Operator. A Hack» (EN)
HACKREAD: «Serious DJI Drones Flaws Could Crash Drones Mid-flight» (EN)
C-UAS Hub: «Security Vulnerabilities Found in DJI Drones» (EN)
Bitdefender: «Security Researchers Find Vulnerabilities that Could Crash DJI Drones and...» (EN)
HOMBURG1: «Sicherheitslücken in Drohnen des Herstellers DJI entdeckt» (DE)
infodron.es: «Alemania descubre vulnerabilidades de seguridad en los drones de DJI» (ES)
Forexdigital.net: «Vulnerabilidades de seguranca detectadas em drones fabricados pela dji» (PT)
Tom's Guide: «DJI drones have serious security flaws that can crash them and track your...» (EN)
DroneDJ: «DJI says it fixed drone firmware security flaws before publication of research...» (EN)
drones-magazin.de: «Deutsche Forscher entdecken Sicherheitslücken bei DJI-Drohnen» (DE)
FPV.bg: «Vulnerability in DJI drones reveals pilot information, German study reports» (EN)
DroneXL: «DJI drones have serious security flaws that can crash them and track your location» (EN)
DroneWatch: «DJI stilletjes gestopt met productie van dronedetectiesysteem AeroScope» (NL)
SPIEGEL: «Warum Ukrainer deutsche Drohnen-Hacker um Rat bitten» (DE)
INDIA TODAY: « How civilian drones are being used in Russia-Ukraine war» (EN)
derSTANDARD: «Russische Angriffe auf ukrainische Drohnenpiloten: DJI gesteht unsichere...» (DE)
Accidental Trigger
Ruhr University Bochum: «When Speech Assistants Listen Even Though They Shouldn't» (EN)
NDR: «Wenn der smarte Lautsprecher mit dem Tatort-Kommissar spricht» (DE)
Süddeutsche Zeitung: «Wenn Alexa aus Versehen lauscht» (DE)
STRG_F: «Sex, Streit, Arztgespräche: wie oft Smart Speaker heimlich mithören» (DE)
tagesschau.de: «Die lauschenden Lautsprecher» (DE)
Tagesthemen: «Sprachassistenten hören mit» (DE)
Ars Technica: «Uncovered: 1,000 phrases that incorrectly trigger Alexa, Siri, and Google...» (EN)
ZDF logo!: «Hat Siri schlechte Ohren?» (DE)
detektor.fm: «Alexa, spionierst du mich aus?» (DE)
Fast Company: «Tired of Saying 'Hey Google' and 'Alexa'? Change it Up with These...» (EN)
Mitteldeutsche Rundfunk: «Wann hören Sprachassistenten mit?» (DE)
The Times: «Not in Front of the Speaker! Words that Wake Up Alexa» (EN)
Voicebot.ai: «More Than 1,000 Phrases Will Accidentally Awaken Alexa, Siri, and Google...» (EN)
Hessischer Rundfunk: «Immer ganz Ohr – Lauschangriff der Sprachassistenten» (DE)
Max Planck Society: «Uninvited Listeners in Your Speakers» (EN)
Remote Chaos Experience: «Alexa, Who Else Is Listening?» (EN)
Tech Conversationalist: «Are You Accidentally 'Waking Up' Your Smart Devices?» (EN)
hackster.io: «Incorrect Alexa, Siri, Google Assistant, and Cortana Trigger Words Are...» (EN)
Sputnik International: «‘Alarming’: Research Identifies Over 1,000 Phrases That Trick,...» (EN)
Mimikama: «Wenn Sprachassistenten zuhören, obwohl sie gar nicht sollen!» (DE)
Deep Fake Detection
Ruhr University Bochum: «Fake-Bilder anhand von Frequenzanalysen erkennen» (DE)
Homeland Security News Wire: «Using Frequency Analysis to Recognize Fake Images» (EN)
ElectronicsWeekly.com: «Frequency Analysis can Help Reveal Deep Fake Images» (EN)
Lab Manager: «Recognizing Fake Images Using Frequency Analysis» (EN)
SciTechDaily: «Which Face is Real? Using Frequency Analysis to Identify “Deep-Fake” Images» (EN)
Spektrum.de: «Mathematische Analyse soll alle Deep Fakes enttarnen» (DE)
VDI nachrichten: «Frequenzanalyse enttarnt Fake-Bilder» (DE)
INGENIEUR.de: «Social Media: Mit Frequenzanalysen Deep Fakes auf der Spur» (DE)
INDUSTRY OF THINGS: «Fake-Bilder anhand von Frequenzanalysen erkennen» (DE)
ZDF logo!: «Erkennt Greta Deep Fakes?» (DE)
Adversarially Robust Speech Recognition
RUBIN: «Wie Sprachassistenten unhörbare Befehle befolgen» (DE)
elektroniknet.de: «Angriffe auf Spracherkennungssoftware Kaldi» (DE)
Tech Xplore: «How Voice Assistants follow Inaudible Commands» (EN)
INGENIEUR.de: «Alexa, Siri und Co. – sicherer dank Training» (DE)
sg.hu: «Kivédhető a virtuális asszisztensek manipulálása» (HU)
Ruhr Unversity Bochum: «Die Forschungsreise „Möglichmacher“ legt Halt in Bochum ein» (DE)
WAZ: «IT-Sicherheit heißt: Immer einen Schritt voraus zu sein» (DE)