March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
164
|
第
6
章
此外,很明显大部分
ECU
软件在研究者看来都包含基本的软件缺陷,如缓冲区溢出漏洞、
依赖不明确和不好的密码实现(重复出现的问题)。本章所讨论的汽车厂商没有投资分
析代码,以便发现和修复最基本的安全问题,而这在软件开发社区中是众所周知的。除
了分析代码,汽车制造商应该把远程信息处理系统设计为连接到一个受信任的目的地,
而不是接受传入的连接。
过去
20
年,如果笔记本电脑和台式机在同一个局域网络内,我们认为它们彼此可以信任,
现在我们知道并非如此。局域网络上的设备被入侵的几率很高,因此在同一网络上不采
用端点保护这种架构保证他们自己的安全是不可接受的。但今天大多数汽车都采用这种
架构,因为在
CAN
总线上的
ECU
采用信任数据包的完整性和真实性。过去,这种设计
带来的风险是可接受的,因为它需要对汽车进行物理访问。然而,正如我们在这一节所
看到的,研究已经证明这种方法可以被远程利用,这可能会损害汽车司机和乘客的生命
安全和隐私。攻击者这么做的动机有很多,可能只是一个简单的恶作剧,也有可能是针
对个人有目的的攻击,甚至有可能是针对众多汽车车主和乘客的恐怖行为。
本节重要的一点是,今天发现的汽车漏洞源于对内存管理基本原则的忽视,缺乏实用密
码学和基本的安全控制的内容。未来,汽车将更依赖无线连接。我们应该从今天所犯的
错误中吸取教训,我们能创造车是为了保障司机和乘客的安全,而不是暴露出漏洞,让
攻击者滥用。
6.3
特斯拉
Model S
特斯拉汽车、
SpaceX
公司和埃隆
·
马斯克(
Elon Musk
)这些词已成为不懈创新的代名词。 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.