March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
联网汽车的安全性分析
——
从燃油汽车到全电动汽车
|
161
的蓝牙功能也被认为是福特同步计算机。研究人员发现,必须明确地按下汽车上的一个
键将其变为配对模式,使其连接和信任一部特定的智能手机。汽车显示一个
6
位密码,
必须将它输入智能手机进行配对。然而,由加利福尼亚大学圣迭戈分校和华盛顿大学组
成的研究小组已经确定利用蓝牙技术进行直接和间接的无线网络攻击的场景。
这些研究人员对他们用于实验汽车上的蓝牙固件进行逆向工程之后,发现各种缓冲区溢
出攻击漏洞(他们的文章中没有提到使用的模型或制造商)。缓冲区溢出攻击能用于摧
毁受害者的计算机内存,用代码注入重写相邻的存储单元。这可以让攻击者远程获得计
算机的完全控制权。研究人员没有透露他们利用的确切代码,但是他们表示,他们能够
滥用不当的
strcpy
函数执行,这是一个非常常见导致缓冲区溢出攻击的途径。
在利用缓冲区溢出条件之前,攻击者首先要用恶意智能手机与使用蓝牙的汽车进行配对。
研究人员解释说,这可以用两种方式:间接方式和直接方式。间接选项需要攻击者获得
汽车车主拥有的手机的临时物理访问权限,并且这个手机已经和蓝牙系统配对,或者更
有可能的是诱使车主下载一个已经感染的应用程序。已经有很多这样的案例,恶意应用
程序已经悄悄溜过著名的应用程序商店平台的审查,例如
Google Play Store
(
Android
Market
的原身),所以我们有证据表明攻击者的应用程序可供用户设备下载。研究人员
声称,司机用已经与蓝牙系统配对的智能手机,被引诱下载并运行恶意应用程序,缓冲 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.