March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
攻击无线护士站
——
破坏婴儿监视器和其他设施
|
85
Isaac Kelly
使用
Python
创建了一个概念证明(
proof-of-concept
)工具包,用于测试本地
访问
WeMo
智能开关。出于演示的目的,我们给出一个简单的恶意脚本的例子,该脚本
利用了
Isaac Kelly
的工具包框架,可以永久关闭插入在智能开关上的电子设备:
#!/usr/bin/python
import time
from wemo import on, off, get
while True:
off()
time.sleep(5)
在我的
YouTube
上,能看到该攻击方法的视频演示。
注意,这里没有要求任何认证,也没有要求使用任何授权!现在,我们有了充分的证据
证明:类似的攻击思路使用在
WeMo Baby
和
WeMo
智能开关这类产品的设计中。与婴
儿监控器的情况类似,恶意软件开发者可以很轻松地利用安全缺陷,利用已经攻陷的计
算机设备,可以快速地切换
WeMo
智能开关的电源。
除了本地访问以外,应用程序还可以进行远程访问,所以你可以在世界各地切换智能开
关。要做到这一点,应用程序首先要向
remoteaccess1
服务发送一个与
WeMo Baby
设
备类似的请求。在调用运行于智能开关本地
web
服务器上的
remoteaccess1
服务时,应
用程序会发送一个用户定义的字符串作为设备名称。该字符串会被作为响应传回,并保
存为智能开关的授权令牌。
当用户位于远程网络环境中时,
DeviceName
值会被发往
https://api.xbcs.net: ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.