March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
198
|
第
7
章
络,并且接入到网络中获取认证信息,也就是说,攻击者可以将攻击向量植入到恶意代
码中,之后通过使用感染了恶意软件的计算机设备能够自动完成这一攻击过程。我们的
社会到处都是物联网产品,因而恶意软件的开发者也会不断地设计出病毒软件来充分
利用这一形式。恶意软件可以感染特定的设备,依赖于已经建立的
WiFi
连接,而一般
WiFi
连接密码是已加密的形式存储。进而,如果获取了
WiFi
网络的明文密码则增加了
远程攻击的效率。
对付这种攻击的一个办法就是:在每一个产品中嵌入一个唯一的私有密钥,这个代价可
能比较高。作者的观点是在设备上印一个序列码,作为真实
WiFi
密码的加密密钥。连
接网络时,用户必须提供
WiFi
密码和设备序列号,
WiFi
密码和设备序列号被浏览器(使
用
JavaScript
)加密后发送给
cloudBit
,使用序列号本身作为
key
就能解密。有很多加密
方法可以降低产生这一问题的风险。重要的是产品制造商要了解潜在风险,以及可能产
生的后果,并就关于实施安全机制,降低风险做出明智的业务决策。
7.2.2
后台命令执行
第
5
章,我们讨论了几种场景,其中,访问文件系统的情况可以让技术高超的人和恶意
团体发现绕过安全控制和潜在漏洞的方法。
cloudBit
运行在
Linux
操作系统中,含有一
个安全数字卡(
SD card
),卡上面就有一个文件系统。本节,我们尝试挂载
SD
卡,看
看里边到底有什么内容。
通过将
cloudBit
与按钮模块分离就可以关闭项目。小心移除植入在
cloudBit
中的微型
SD
卡,然后将卡插入到一台装备有微型 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.