March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
傻瓜盒子
——
攻击
“
智能
”
电视
|
125
intGame_Main(char *path, char *udn)
{
system("telnetd&");
return 0;
}
在这个例子中,应用程序开启
Telnet
服务(假定该服务已经安装在系统上)。然而,
LExxB650
系列不允许安装其他共享库应用程序。这对于那些可以修改电视功能,或者
可以安装恶意代码以感染设备(比如,允许攻击者通过查看电视上的摄像头盗取用户隐
私或偷取可能存储于电视上的任何认证信息)的第三方软件来说,是一个非常苛刻的限
制条件。
Mulliner
和
Michéle
研究的目的是测试并证实是否存在一种方法能够绕过这一
限制。
5.1.2
漏洞利用
回忆一下,
exeDSP
可执行文件是通过
root
权限运行的。
exeDSP
进程也用于调用共享库
应用程序。由于
exeDSP
不能降低共享库应用程序的运行权限,因而,对于攻击者来讲,
安装额外的第三方应用程序就非常有吸引力了。对于想要扩展或变更电视功能的用户来
讲,同样如此。因此,攻击者的目标就变成了想办法让电视允许安装外部
Game
类型的
共享库代码应用程序。
Mulliner
和
Michéle
使用
Gumstix
扩展板建立攻击环境。
Gumstix
板配有一个
USB OTG
端口,允许其他
USB
设备作为客户端接入(例如,
USB
存储卡以及数字摄像机)。
USB OTG
也允许
Gumstix
板充当客户端(例如,
USB
存储卡作为存储设备接入其他主
机的
USB
端口)。
Gumstix
板基本上就是一个迷你计算机。厂商的说明书中有介绍如何连接一个新的 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.