March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
106
|
第
4
章
4.1.3 SmartThings
的
SSL
证书验证漏洞
2015
年
3
月, 题 为“
SmartThings SSL
证书验证漏洞”的报告曝光了一个关于
SmartThings Hub
的关键问题:
SmartThings Hub
与
SmartThings
后端服务器之间的通信使用
SSL
加密。然而,使
用的
SSL
客户端应用不验证在初始信息交换过程中由服务器发送的
SSL
证书的真
实性。一个具有监测和拦截流量能力的攻击者,可以为集线器提供一个“伪造”的
SSL
证书,自称是一个合法的后端服务器,这个证书将被集线器认为是真正的证书
而接受。这样就可以进行“中间人”攻击,不知不觉,攻击者实现转播客户端和服
务器之间的通信。在这种情况下,对攻击者能够获得未加密形式的通信,并且能够
进行修改和中断,有效地击败
SSL
加密所提供的保护。
安全和认证通信对
Smartthings
这样的平台来说是重要的,可作为家庭安全系统的
一部分。例如,当
SmartSense
开
/
关传感器开着的时候,集线器传送一个数据包。
攻击者可以通过简单地不转发此数据包阻止来自每一个到达
SmartThings
后台服务
器的事件通知,相应地,也能够阻止传送到终端用户的通知。
一个潜在的缓解因素是集线器缺少能够使用的
WiFi
连接,攻击者需要物理连接到
集线器所在网络,或是在互联网传输过程中进行拦截,缺乏
WiFi
连接使得通信拦
截更加困难。
然而这并不能提供完整的保护,因为一些家庭网络使用
WiFi
网桥或中继器。攻击
者可能也会损害网络上的其他设备,例如对路由器或个人媒体服务器实施流量拦截。 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.