March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
未来的安全
——
对话将来的攻击方式
|
227
说话者)。然而,今天越来越多的人依赖像
Echo
这样基于语音的个人助手。一些用户
依赖像
Echo
这样的设备控制电灯这样的物联网设备,能够导致用户物理安全的冲击。
使得这种攻击途径越来越受关注。
亚马逊
Echo
也能和
IFTTT
方法一起使用,能够控制
WeMo
开关(在第
3
章讨论过)。
这使得
Echo
成为强大的设备,不仅能控制家中的电灯,还能控制一系列电子设备。
Echo
仅仅允许用户选择“
Alexa
”
或“
Amazon
”作为唤醒口令,并为每个命令发出的
第一个词,以便
Echo
了解用户对设备的意图。如果亚马逊需要用户选择一个独特的唤
醒词,我们概念证明的基础将被打破。当然,威胁代理例如不怀好意的邻居或恶意团体
能够通过智能电视的相机进行窃听,可以找出设置的唯一唤醒词。但是,这基本上能够
限制来自威胁代理的风险使代理人不能访问到信息。
像
Echo
这样的产品设计者应该考虑恶意软件的行为,利用音频作为攻击途径的实施频段,
因为这些产品被设计成主要使用音频通信。语音识别安全漏洞在过去没有得到应有的关
注,但是产品设计和使用者应该意识到,随着我们不断增加对
Echo
这样的助手的依赖,
滥用音频频段的途径会不断扩大。
8.5
物联网云基础设施攻击
提供互联网连接的设备需要支持云基础设施。我们已经看到,使用
iOS
应用程序可以控
制世界上任何地方的
hue
照明系统。我们也看到,通过亚马逊云服务托管的支持基础设
施可以远程访问
WeMo
婴儿监控器。此外,使用
iOS
应用程序可以保持特斯拉
S
型与特
斯拉的基础设施持续的蜂窝连接以获得空中更新,发送诊断信息 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.