Toshiba REGZA AI Engine: Advancing Home Entertainment Through AI


Toshiba has been a consistent presence in television manufacturing, continuously refining its technology to enhance the home viewing experience. The REGZA AI Engine, particularly the latest REGZA Engine ZRi, represents a significant evolution in television technology. By incorporating artificial intelligence and machine learning, this advanced processor improves picture and audio quality in real-time, adapting to various content types, user preferences, and environmental conditions. Unlike traditional television processors that operate based on static settings, the REGZA AI Engine dynamically adjusts visuals and sound through ongoing scene analysis, providing an optimized experience for viewers.

Designer: Toshiba

AI-Powered Picture Optimization

The REGZA Engine ZRi is designed to deliver exceptional picture quality by intelligently analyzing every frame and making precise adjustments to resolution, contrast, color accuracy, and brightness. This AI-driven approach ensures that all types of content, from streaming services to live television, are displayed with clarity and vibrancy.

One of the key features of this technology is 4K AI Upscaling, which enhances lower-resolution content to appear sharper and more detailed on high-resolution screens. Unlike traditional upscaling methods, which simply stretch and sharpen images, Toshiba’s AI-powered approach reconstructs fine details by using deep learning to predict and fill in missing visual information. This results in a more authentic and natural-looking image, even when watching older or lower-quality video sources.

The Dolby Vision IQ and HDR 10+ Adaptive support further enhance the viewing experience by dynamically adjusting brightness and contrast based on ambient lighting conditions. With these technologies, dark scenes remain detailed and visible without overexposure, and bright sequences maintain clarity without appearing washed out. Whether watching a cinematic blockbuster or a high-action sports event, the REGZA AI Engine ensures the best possible visual quality in any lighting environment.

Additionally, AI Picture Optimizer detects the type of content being displayed—such as movies, live sports, or animation—and automatically adjusts color saturation, contrast levels, and sharpness to optimize for that specific category. This feature ensures that vibrant hues in animated films remain true to their intended palette while maintaining a more natural color balance for live-action footage.

Intelligent Sound Engineering with AI

Beyond just enhancing visuals, the REGZA AI Engine brings significant advancements to audio processing, delivering an immersive and cinematic sound experience. Traditional televisions often rely on static audio settings that do not adjust based on the type of content or the acoustic environment. In contrast, Toshiba’s AI-powered audio processing dynamically optimizes sound based on real-time analysis.

The REGZA Power Audio Extreme system enhances depth and clarity by using psychoacoustic bass enhancement technology. This technology adjusts low-frequency sounds to create a richer and more powerful auditory experience. This is particularly noticeable in action movies and live concerts, where deep bass tones contribute to the overall impact of the scene.

Additionally, AI Sound Calibration intelligently balances high, mid, and low frequencies depending on the content being played. For dialogue-heavy content, the AI emphasizes speech clarity, ensuring that voices remain crisp and intelligible without being overshadowed by background music or sound effects. For action sequences and live sports, the AI enhances spatial audio, making the audience feel immersed in the scene.

Another key feature is Room Acoustic Optimization, which uses a built-in radar sensing system to analyze the room’s dimensions and adjust the sound output accordingly. This means that regardless of where a viewer is sitting, the television optimizes the audio projection to ensure a balanced and immersive experience.

Redefining Visual and Audio Perception Through Smart Technology

The Toshiba TV X9900 delivers lifelike visuals through millions of self-luminous pixels that detect nearby colors. It offers 4K quality with Full HD content revealing details that were previously unnoticed. From nature documentaries to sports broadcasts, the television’s color and shadow reproduction transports viewers to remarkable visual landscapes. REGZA Power Audio Extreme provides immersive sound, while its psychoacoustic bass enhancement technology intelligently adjusts frequencies, creating a powerful auditory experience that transforms entertainment.

Toshiba continues to push innovation in smart home entertainment, ensuring its AI-driven technologies evolve alongside consumer expectations. With REGZA Intelligence, viewers can experience adaptive enhancements that improve every aspect of their television use. The company’s ongoing commitment to delivering high-quality visuals, intelligent sound calibration, and AI-powered enhancements sets a new benchmark for immersive entertainment.

The post Toshiba REGZA AI Engine: Advancing Home Entertainment Through AI first appeared on Yanko Design.

Hisense HT Saturn Soundbar Showcases Wireless 4.1.2 Audio and Immersive Performance at CES 2025

Hisense is set to redefine home theater audio in 2025 with its new sound system designed to make great sound feel effortless. The Hisense HT Saturn offers a bold promise of fully wireless surround with a 4.1.2 channel audio system, delivering cinematic sound without the hassle that plagued older setups. It transforms the usual nest of cables into a sleek environment, allowing four individual wireless satellite speakers and a standalone 6.5-inch subwoofer to settle comfortably wherever the room’s personality leads. The company’s engineers believe it’s time to give home audio the freedom it deserves. As Hisense describes it, “Everything sounds like it’s a perfectly balanced home theater audio system.”

Designer: Hisense

Hisense’s approach draws attention to how people actually live. The HT Saturn listens to the room before it does anything else, using a small dongle that connects to the TV and emits a precise calibration tone. This tone interacts with the room’s surfaces, furniture, and layout, allowing the system to analyze sound reflections and distances. Based on this data, the system automatically adjusts each speaker and subwoofer to deliver balanced audio tailored to the unique acoustics of the space.

A Home Theater Built for Big Screens

The HT Saturn sets a new standard in audio performance. It was purpose-built to complement Hisense TVs 85 inches and larger. Featuring Pure Surround Dolby Atmos and DTS:X, it surrounds users with multidimensional soundscapes, ensuring every audio detail is delivered with precision and creating a fully immersive experience. Whether you’re watching a blockbuster or gaming with friends, the system captures every detail with precision, enhancing the emotional impact of every scene.

The company seems intent on proving that there is more to a satisfying experience than numbers on a spec sheet. The HT Saturn distinguishes itself acoustically by pairing premium sound quality with intuitive features that simplify its use, from its automatic calibration to its seamless integration with TV speakers. This seamless collaboration is powered by Hisense’s proprietary Hi-Concerto Technology, which synchronizes the HT Saturn with the TV’s built-in speakers to deliver an expanded and immersive audio field.

Another subtle touch is the single remote approach, which simplifies daily interactions by replacing the need for multiple remotes. This integration ensures that users can control the HT Saturn and TV seamlessly, avoiding the clutter and confusion often associated with multi-remote setups. Everything is integrated, even the onscreen menus. The company’s representatives made it clear that the HT Saturn is less about forcing people to understand complex settings and more about putting them at ease from day one. The inclusion of EZ Play ensures direct control via the Hisense remote, further simplifying the user experience.

Hisense’s forward-thinking design choices extend to the system’s use of advanced connectivity options and seamless integration with evolving home entertainment setups. The HT Saturn fully utilizes advanced connectivity options like HDMI eARC and Bluetooth 5.3, enhancing the user experience by ensuring high-quality audio transmission, seamless device pairing, and broad compatibility with evolving television technologies. The system also includes five tailored EQ modes, optimizing sound for movies, music, sports, and more to suit user preferences.

Tailored Sound Modes for Every Occasion

One of the HT Saturn’s defining acoustic qualities is its ability to adapt. The system’s ability to compensate for unconventional speaker placement ensures “tremendous flexibility” while delivering uncompromised sound. Wherever you’re seated—directly in front of the screen or off to the side—the HT Saturn fine-tunes its output to ensure every spot feels optimal.

While final pricing and release details remain unannounced, Hisense plans to showcase the HT Saturn at CES 2025, where attendees can experience its innovative wireless capabilities and immersive sound performance firsthand. I’ll be at CES to explore Hisense’s innovations in depth, focusing on HT Saturn’s wireless flexibility, acoustic calibration, and overall user experience. I’m eager to test how it performs in a live environment and will share those insights with you.

Initial observations suggest that this wireless sound system, with its 13-speaker system and tailored sound modes, might redefine expectations regarding installation and comfort.

The post Hisense HT Saturn Soundbar Showcases Wireless 4.1.2 Audio and Immersive Performance at CES 2025 first appeared on Yanko Design.

Apple and Sony are apparently working on PlayStation VR2 Gaming Controllers for the Vision Pro

Don’t dismiss the Vision Pro just yet. Sure, rumors have been swirling that the company has pretty much halted all production of its flagship spatial computing device, but Bloomberg’s Mark Gurman has some interesting updates. His scoop? Apple and Sony are reportedly in talks to integrate PlayStation VR2’s Sense controllers with Apple’s Vision Pro headset. This partnership, if realized, could reshape how we think about virtual and mixed reality experiences, seamlessly blending gaming prowess with Apple’s signature design ethos.

The Vision Pro, Apple’s first foray into spatial computing, debuted as a device with lofty ambitions. Relying on gaze-and-pinch interactions paired with hand-tracking, its interface felt futuristic yet restrained when stacked against the tactile immersion offered by physical controllers. While its approach works wonders for casual gaming and productivity tasks, the absence of tactile input left a gaping hole in its potential for more dynamic, fast-paced VR gaming. Enter Sony, whose PS VR2 Sense controllers are heralded for their precise tracking, haptic feedback, and adaptive triggers. It’s easy to see why Apple would tap into Sony’s expertise to elevate Vision Pro’s gaming and interactive experiences.

Gurman, a well-known source of tech scoops, shared that Apple initiated discussions with Sony earlier this year, targeting the seamless integration of the Sense controllers into the Vision Pro ecosystem. The collaboration promises to extend beyond just gaming, allowing users to navigate visionOS interfaces using Sony’s controllers. For Vision Pro, this move is not just a band-aid solution but a strategic decision aimed at capturing a more serious gaming demographic. The absence of robust gaming support has been a sticking point for Vision Pro since its announcement. Adding PS VR2 Sense controllers could be the olive branch Apple extends to hardcore gamers who’ve so far been unimpressed by its current offerings.

What’s particularly intriguing is the potential ripple effect this partnership could have on the gaming industry. Sony has been fiercely protective of its PS VR2 ecosystem, even to the extent of not selling its Sense controllers separately. Yet, this exclusivity might soften if Sony and Apple push ahead with making these controllers available through Apple’s sales channels. Imagine walking into an Apple Store, purchasing a PS VR2 Sense controller, and unlocking new gaming experiences on a Vision Pro. It’s a scenario that positions both companies as collaborators rather than competitors—an unusual but potentially brilliant strategy.

But could this partnership lead to something even bigger? Some speculate it might pave the way for a broader gaming alliance between Apple and Sony. Such a move would undoubtedly send shockwaves through the gaming industry, especially with Microsoft’s Xbox looming large as the primary rival. While Apple could technically develop its own controllers tailored to the Vision Pro, partnering with Sony allows them to sidestep years of R&D and leverage Sony’s established credibility among gamers.

Beyond gaming, this partnership could also enhance Vision Pro’s value proposition for non-gaming applications. The tactile advantages of Sony’s controllers could transform how professionals interact with 3D models, designers manipulate virtual canvases, or filmmakers storyboard immersive scenes. By broadening its use cases, Apple has a shot at making Vision Pro more than a niche device for early adopters or AR enthusiasts.

Yet, as with any ambitious endeavor, there are potential roadblocks. Gurman notes that the announcement, initially planned for weeks ago, was delayed—possibly signaling internal hiccups or last-minute refinements. Whether it’s technical integration challenges, supply chain constraints, or plain old corporate hesitance, there’s always a chance this partnership could stall or be scrapped altogether.

However, the timing of this rumor feels strategic. Vision Pro’s early reviews have highlighted its groundbreaking potential while pointing out areas where it falls short. Apple knows that it must demonstrate more than technological novelty to justify the $3,500 price tag. Teaming up with Sony to bring richer gaming and interactive experiences could be the shot in the arm Vision Pro needs as it prepares for its full release next year.

For now, Apple and Sony remain tight-lipped, but the possibility of this partnership is tantalizing. It paints a picture of a future where Apple’s minimalistic design philosophy meets Sony’s immersive gaming technology, creating an ecosystem that’s not only expansive but compelling. If nothing else, it underscores Apple’s willingness to think beyond its walled garden—a refreshing shift for a company known for keeping things close to its chest.

So, will this be the start of a beautiful friendship between Apple and Sony, or just another chapter in the rumor mill? Only time will tell. But for now, the idea of navigating visionOS with a PS VR2 Sense controller is enough to keep tech enthusiasts and gamers alike dreaming of the possibilities. And if this collaboration does take off, maybe it’s time to rethink that Xbox subscription—just saying.

The post Apple and Sony are apparently working on PlayStation VR2 Gaming Controllers for the Vision Pro first appeared on Yanko Design.

Leica’s New 4K ‘Cine Play 1’ Projector Brings a Massive 300-Inch Screen to Your Home

You may know Leica for their expensive pro-grade cameras, but did you know the company makes expensive projectors too? Aside from high-end cameras, the company has made inroads in quite a few industries that rely on optics, like binoculars, televisions, and projectors. Although the brand is most known for building products with a premium price tag, their latest projector, the Cine Play 1, has an unusually affordable price, considering its 4K output and ability to output a massive 300-inch screen to rival most cinemas.

I’ve long been an advocate for projectors. They’re the same price as TVs, while being portable and having the ability to cast displays nearly 5x larger than most televisions. While the Cine Play 1’s $3,795 price tag isn’t really “affordable”, it does feel so when compared to something like Samsung’s 146-inch “The Wall” 4K television that has an eye-watering $220,000 market price. Contrast it with any other leading 4K long-throw projector brand too, and the Cine Play 1 fits well within the $2000-$4000 range for its category.

Designer: Leica

So, what makes it special? For starters, the Cine Play 1’s compact design. We’re talking a sleek 10.3 x 9.5 x 9-inch box that packs a mighty 3,000 lumens, making it versatile enough for various settings—even well-lit rooms. Thanks to its triple RGB laser tech and Leica Image Optimization, colors remain balanced and vivid, while its 4K clarity holds strong even as you scale down to 65 inches. This adaptability makes it ideal for any space, whether you’re hosting a gaming night or screening movies under the stars.

The overall design is a nod to Leica’s strong minimal-metal visual DNA. With a Bauhaus-inspired single-piece aluminum body and glass front, it’s a minimalist piece that complements any space. As an optional add-on, Leica also lets you buy a floor stand that complements your projector with an all-metal design and hidden power connections that route cables through the stand’s central cylindrical pillar, rather than having the cable dangle aimlessly around and ruin your room’s aesthetic.

You’d expect anything with Leica’s brand name to nail the visuals and optics, but the projector does a stellar job with audio too. The Cine Play 1’s built-in 10-watt speakers feature DTS Virtual:X, simulating surround sound to create an immersive audio experience. This means there’s no need to fuss with external speakers; you’re set with crisp highs and rich bass tones right out of the box. User experience features like automatic image alignment save you from the usual trial-and-error of projector placement. And with HDR10+ and Dolby Vision support, Leica wants you to enjoy content in the quality it was meant to be seen.

With built-in WiFi, the projector also lets you stream directly from your favorite apps, turning any surface into a high-quality viewing experience without additional gear or hassles. The inclusion of Apple Airplay, Bluetooth, Wi-Fi, and multiple ports allows you to stream from smartphones, tablets, laptops, or external drives. The VIDAA smart system gives you quick access to popular streaming apps, while smart home integration lets you control it with just your voice.

Priced at $3,795, the Cine Play 1 is definitely a more affordable entry in the Leica lineup, aimed at enthusiasts who appreciate high-end design but are conscious of budget. And if you’re short on surface space, Leica offers a compatible tripod stand for an extra $495, so you won’t be restricted to a countertop setup. For those ready to elevate their viewing game without a massive home theater overhaul, the Cine Play 1 feels like an intriguing blend of luxury and practicality.

The post Leica’s New 4K ‘Cine Play 1’ Projector Brings a Massive 300-Inch Screen to Your Home first appeared on Yanko Design.

YouTube Incognito Mode: browse discreetly without leaving traces

Good old YouTube is always there to entertain us with its endless videos, but sometimes we’d like to be able to drop by incognito, just to quietly watch whatever we feel like without it sticking to us ad vitam aeternam. You see what I mean? You watch an artist interview or a few cat videos and BAM, your home page recommends almost nothing else! Or you give in to a few DIY tutorials and disaster strikes: YouTube figures you’re MacGyver and spams you with suggestions for building a palace out of three bricks and a paper clip… What a nightmare!

But don’t worry, I have the solution to your problem! Let me introduce… drum roll… YouTube Incognito Mode! Thanks to this wonderful Chrome extension available on GitHub, you will be able to wander around YouTube like an internet ninja, without leaving the slightest compromising trace behind you.

Once the extension is installed, just go to YouTube and click the YouTube Incognito Mode icon in your browser. You will then be sent to a new window, where you can go about your business without fearing that your little secrets will be exposed.

And not content with giving you private browsing worthy of the name, this extension even goes as far as blocking ads for you!

In short, a pretty cool little extension. It can be downloaded here.

Supervision – Give your AI project the gift of sight

Do you dream of giving your AI projects visual superpowers? Look no further, Supervision is here for you! Detecting objects, segmenting instances, annotating images and videos… all of that becomes possible in just a few lines of code thanks to this project, which offers an intuitive API and advanced features to make your life easier.

Supervision’s secret? Seamless integration with the best deep learning libraries of the moment, such as YOLO-NAS, YOLOv8, etc. These powerful object detection models will hold no more secrets for you, and thanks to them you will be able to identify and precisely locate every element in your images and videos.

Supervision also gives you very handy annotation and visualization tools. For example, you can draw bounding boxes around detected objects, display segmentation masks with custom colors, add labels and confidence scores, etc.

On the data side, it also delivers with its dataset management API, which lets you load your images and annotations in YOLO format in the blink of an eye, explore your dataset, filter and split the data like a pro, etc. It’s super simple!

If you’re interested, everything is on the project’s GitHub repo, and there is even a dedicated site with the docs, the API details and plenty of examples.

Cheaper Apple Vision design might have you connecting to an iPhone or Mac

It hasn’t even been a year since it launched, but there are already talks of Apple’s next headset after the Vision Pro. No, it won’t be an upgrade that will make the $3,500 device obsolete but, instead, might even be considered a downgrade of sorts. In a way, this more affordable Apple Vision will be its own class, one that might have to make quite a few compromises to reach a desired price point. What those cuts will be is still unknown, but some insider insight suggests that the non-Pro Vision headset might offload its processing and software to an external device, requiring you to tether it to an iPhone or even a Mac or MacBook.

Designer: Apple (via Mark Gurman)

Impressive as the Vision Pro and visionOS might be, Apple’s spatial computing platform hasn’t yet taken the tech world by storm for one critical reason. The headset costs a whopping $3,500, far beyond the reach of developers without deep pockets or backing, let alone regular consumers. Apple has always planned on launching a more accessible Vision headset after the Pro model has taken root, but the big puzzle is how it would make it significantly cheaper without compromising on the experience too much.

The immediate answer would be to take the features down a few notches, throwing out EyeSight that shows your eyes to people on the opposite side of the glass, reducing image quality of passthrough visuals, or using less powerful processors. These, however, are the features that would differentiate the Vision from other mixed reality headsets, and a price tag of $1,500 would make it look even more expensive than the competition without these “killer features.” One alternative would be to have the headset connect to a device, either the iPhone or the Mac, making the Apple Vision focus solely on the optics and display.

This wouldn’t be the first phone-powered headset, and history has given us the advantages and disadvantages of that design. An iPhone would actually offer a bit more mobility and flexibility, especially if it will also power the Vision headset. It could, however, be the bottleneck considering the apps and experiences that visionOS supports. A MacBook, on the other hand, would deliver that much-needed power at the expense of freedom of movement and comfort.

This is definitely a conundrum for Apple, which isn’t always keen on degrading product quality in the name of price cuts. At the same time, however, it really has no choice but to make some concessions if it wants its spatial computing vision to be embraced by more people. It still hasn’t given up on the Vision Pro, whose successor is expected to arrive in 2026, but it will be pouring resources over the more accessible Vision for a 2025 launch, and hopefully, it will be able to hit the nail on the head in the end.

The post Cheaper Apple Vision design might have you connecting to an iPhone or Mac first appeared on Yanko Design.

Skyvern – No more headaches automating a web task (scraping, form filling, etc.)

Who has never dreamed of automating any web task, whatever its complexity, in order to take it easy, of course?

That is exactly what Skyvern offers: a tool that combines artificial intelligence and computer vision to interact with websites the way you would yourself.

No more scripts that break at every turn, XPaths that change every other day and temperamental DOM parsers, since Skyvern is able to visually understand what is on a web page and generate an interaction plan in real time.

This means Skyvern can act on sites it has never seen before, all without needing any site-specific code. It analyzes the visual elements of the page to determine the actions needed to fulfil your request, which makes it a tool immune to website design changes, unlike your good old scraper.

Thanks to the language models (LLMs) it embeds, it is able to “reason”, so for example it can fill in a form that asks you lots of questions, or compare products.

Under the hood, Skyvern takes inspiration from autonomous agent architectures such as BabyAGI and AutoGPT, with an added web automation layer based on tools like Playwright.

And as usual, you can install the beast on your machine and start automating all your work in a few commands.

You will need Python 3.11, then install poetry:

brew install poetry

Next, clone the git repository and go into the folder:

git clone https://github.com/Skyvern-AI/skyvern.git

cd skyvern

Then run the install script:

./setup.sh

Once that is done, start the server:

./run_skyvern.sh

And there you go, you can now send requests to the server, but don’t worry, there is a graphical interface :). To launch it:

./run_ui.sh

Then open http://localhost:8501 in your browser to access it. You will then see this kind of interface. It’s up to you to fill in the right fields to create your first automation.

As a cURL command, it looks like this (remember to put your local API key in the command):

curl -X POST -H 'Content-Type: application/json' -H 'x-api-key: {Votre clé API locale}' -d '{
    "url": "https://www.geico.com",
    "webhook_callback_url": "",
    "navigation_goal": "Naviguer sur le site Web jusqu'\''à ce que vous obteniez un devis d'\''assurance automobile. Ne pas générer de devis d'\''assurance habitation. Si cette page contient un devis d'\''assurance automobile, considérez l'\''objectif atteint",
    "data_extraction_goal": "Extraire toutes les informations de devis au format JSON, y compris le montant de la prime et le délai du devis",
    "navigation_payload": "{Vos données ici}",
    "proxy_location": "NONE"
}' http://0.0.0.0:8000/api/v1/tasks

You see, you can do some really advanced things. And the little bonus is that you can see every interaction, since Skyvern records each action with a corresponding screenshot so you can easily debug your workflows.

In short, to find out more, head to the GitHub. And to their official site.

TunnelVision – the flaw that breaks the VPN and lets your data leak

Here is a piece of news that will make you see VPNs from a different angle. Because if you thought your favourite little encrypted tunnel kept you safe from prying eyes when you browse from a public network, sorry to shatter your dreams, but that is far from being the case!

A team of researchers at Leviathan Security has discovered a flaw, which they named TunnelVision, that makes it easy to bypass VPN protection thanks to a very handy feature of the DHCP protocol, that good old servant that hands out IP addresses left and right.

Basically, when you connect to a network, your machine politely asks the local DHCP server for an IP address. So far, so good. Except that this protocol has more than one trick up its sleeve. In particular, it can push routing rules onto your machine through a little-known option called “Classless Static Route”, or option 121.

Concretely, an attacker who controls the DHCP server can install default routes on your machine, which lets them redirect all your traffic to their own gateway, even if you are connected through a VPN! And that is where disaster strikes, because they can intercept all your data in the clear. 😱

Rest assured, there are still a few conditions for this attack to work:

  1. The attacker must have physical access to the local network or be able to compromise a device on that network.
  2. The VPN client must not block outgoing traffic to the local network interfaces.

Still, it sends a chill down the spine, especially since this flaw potentially affects all networks, from small home networks to large corporate ones. The researchers also managed to exploit it on Windows, macOS, iOS, Android, and even on Linux distributions.

Fortunately, there are countermeasures to protect against TunnelVision:

  • Enable DHCP snooping and ARP protection on network switches to prevent unauthorized DHCP servers from being set up.
  • Configure strict firewall rules to block unauthorized traffic.
  • Use encryption protocols such as HTTPS to secure internal resources.
  • Implement robust network isolation through features such as network namespaces on Linux.
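
To see from the defender's side what option 121 actually carries, here is an added example (not from the original article or from the researchers' paper): a Python parser for the RFC 3442 classless static route encoding that lists the routes a DHCP reply would install and flags the broad ones. The `BROAD_PREFIX_MAX` threshold, the function names and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

OPTION_CLASSLESS_STATIC_ROUTE = 121   # RFC 3442
BROAD_PREFIX_MAX = 8                  # assumption: /8 or shorter counts as "broad"


def iter_dhcp_options(options: bytes):
    """Yield (code, value) pairs from a DHCP options field (after the magic cookie)."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 0:                 # pad option, no length byte
            i += 1
            continue
        if code == 255:               # end option
            return
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        yield code, value
        i += 2 + length


def parse_option_121(value: bytes):
    """Decode RFC 3442 routes: [prefix length][significant octets][4-byte router]..."""
    routes = []
    i = 0
    while i < len(value):
        prefix_len = value[i]
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len}")
        n = (prefix_len + 7) // 8     # only the significant destination octets are sent
        dest = value[i + 1:i + 1 + n]
        router = value[i + 1 + n:i + 5 + n]
        if len(dest) != n or len(router) != 4:
            raise ValueError("truncated route descriptor")
        padded = int.from_bytes(dest + b"\x00" * (4 - n), "big")
        network = ipaddress.IPv4Network((padded, prefix_len), strict=False)
        routes.append((network, ipaddress.IPv4Address(router)))
        i += 5 + n
    return routes


def audit_offer(options: bytes, max_broad_prefix: int = BROAD_PREFIX_MAX):
    """Return every route pushed via option 121, marking broad prefixes for review."""
    # Option 121 may be split across several instances; concatenate them first.
    raw = b"".join(v for c, v in iter_dhcp_options(options)
                   if c == OPTION_CLASSLESS_STATIC_ROUTE)
    return [
        {"route": str(net), "router": str(gw), "broad": net.prefixlen <= max_broad_prefix}
        for net, gw in parse_option_121(raw)
    ]


# Constructed sample: options from a DHCP offer (message type, mask, router, option 121).
SAMPLE_OPTIONS = bytes.fromhex(
    "350102"                # option 53: DHCPOFFER
    "0104ffffff00"          # option 1: subnet mask 255.255.255.0
    "0304c0a80101"          # option 3: router 192.168.1.1
    "790c"                  # option 121, 12 bytes
    "00c0a80142"            # 0.0.0.0/0 via 192.168.1.66
    "100a14c0a80101"        # 10.20.0.0/16 via 192.168.1.1
    "ff"                    # end
)

if __name__ == "__main__":
    for finding in audit_offer(SAMPLE_OPTIONS):
        tag = "REVIEW" if finding["broad"] else "ok"
        print(f'{tag:6} {finding["route"]:>18} via {finding["router"]}')
```

Run against DHCP replies captured on a network you manage, it shows which routes a lease would add next to the VPN's own, so a broad route pointing at an unexpected gateway stands out.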

VPN providers obviously also have a role to play, by publicly documenting mitigation measures against TunnelVision and warning their users of the risks.

In short, while waiting for a possible fix, caution remains in order. But by applying good practices and staying vigilant, you can still limit the damage! If the subject interests you and you want to go further, I invite you to read the full research paper, which details how TunnelVision works technically. It is a bit dense, but it is worth a look for the most motivated among you.
