March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
32
|
第
1
章
{"code":200,"message":"ok","result":"ok"}
www.meethue.com
响应信息中的
ok
表示命令已经成功执行,所有的灯泡都关闭了。
1.3.1
从移动设备中偷取令牌
iOS App
将
username
令牌和
www.meethue.com
网站令牌分别命名为
uniqueGlobalDeviceIdentifier
和
sdkPortalToken
,保存到
iPhone
和
iPad
的
Library/
Preferences/com.philips.lighting.hue.plist
文件中。临时访问照明用户的移动设备,可以
获取这些文件并能够远程控制用户照明灯泡。由于攻击者需要获取访问移动设备的权限,
因此这种风险的可能性较低。
1.3.2
恶意软件可导致持续停电
在分析用例的过程中,我们学习了如何使用
iOS App
注册网桥
username
令牌。这个秘
密令牌可被用在局域网内与网桥直连的所有设备上,并可发送授权指令控制灯泡。
我们发现,
iOS App
采用的
username
令牌并不是随机生成的,而是通过对
iPhone
或
iPad
的
MAC
地址进行
MD5
加密之后生成的哈希值。每一个网卡(不管有线的还是无线的)
都可以手工设置一个独立的
MAC
地址。不管是有线网卡还是无线网卡,其在本地局域
网内的
MAC
地址都可以通过执行
arp
指令来获得,大多数操作系统都支持该命令。
$
arp -a -n
? (172.20.0.1) at d4:ae:52:9d:1f:49 on en0 ifscope ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.