March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
联网汽车的安全性分析
——
从燃油汽车到全电动汽车
|
173
特性产生了这个结果,并在这种情况下存在问题。不应该把责任推到车主身上(在大多
数情况下,将其证书广播给第三方应用程序是无意的),这个问题可以补救的唯一方法
是由特斯拉提供一个生态系统,并定义和鼓励安全开发和审核应用程序。
6.3.4
借用别人的电话
特斯拉
iOS
应用程序存储了一个令牌,令牌由应用程序中
Library/Cookies/
目录下的
API
成功身份认证后生成,存储在名为
Cookies.binarycookies
的文件中。物理访问到特斯拉
拥有者电话的任何人能够使用像
PhoneView
一样的工具捕获这个文件,如图
6-11
所示。
图 6-11:苹果手机包含的身份认证令牌在 Cookies.binarycookies 文件中
任何临时访问特斯拉拥有者的手机都能窃取到这个文件的内容,直接请求控制
API
功能。
此会话令牌的值已被证明具有
3
个月的有效期。
发生这种情况的可能性很低,因为它需要物理访问车辆拥有者的电话。然而,与简单的
临时访问的物理密匙不同(在电话中所扮演的角色),即使返还电话,潜在的恶意实体
将有长期访问的功能。
然而,再次给业主带来的风险是:由于依赖传统的用户名和密码凭据,用户很有可能依
靠验证会话令牌,这样,他们不必在每次登录苹果应用程序的时候都输入密码。
为了改善这一状况,一个简单而优雅的方式是:特斯拉和其他汽车制造商在操作系统中
采用内置的身份验证和授权功能,如苹果的
iOS
系统。最新的苹果手机的指纹识别传感
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.