相關主題
商品描述
Over the past few years, Internet of Things has brought great changes to the world. Reports show that, the number of IoT devices is expected to reach 10 billion units within the next three years. The number will continue to rise and wildly use as infrastructure and housewares with each passing day, Therefore, ensuring the safe and stable operation of IoT devices has become more important for IoT manufacturers.
Generally, four key aspects are involved in security risks when users use typical IoT products such as routers, smart speakers, and in-car entertainment systems, which are cloud, terminal, mobile device applications, and communication data. Security issues concerning any of the four may lead to the leakage of user sensitive data. Another problem is that most IoT devices are upgraded less frequently, which leads it is difficult to resolve legacy security risks in short term. In order to cope with such complex security risks, Security Companies in China, such as Qihoo 360, Xiaomi, Alibaba and Tencent, and companies in United States, e.g. Amazon, Google, Microsoft and some other companies have invested in security teams to conduct research and analyses, the findings they shared let the public become more aware of IoT device security-related risks. Currently, many IoT product suppliers have begun hiring equipment evaluation services and purchasing security protection products.
As a direct participant in the IoT ecological security research project, I would like to introduce the book to anyone who is a beginner that is willing to start the IoT journey, practitioners in the IoT ecosystem, and practitioners in the security industry. This book provides beginners with key theories and methods for IoT device penetration testing; explains various tools and techniques for hardware, firmware and wireless protocol analysis; and explains how to design a secure IoT device system, while providing relevant code details.
商品描述(中文翻譯)
過去幾年,物聯網(Internet of Things)為世界帶來了巨大的變化。報告顯示,物聯網設備的數量預計在未來三年內將達到100億台。隨著基礎設施和家居用品的日益普及,這一數字將持續上升。因此,確保物聯網設備的安全和穩定運行對於物聯網製造商來說變得更加重要。
一般來說,使用典型物聯網產品(如路由器、智能音箱和車載娛樂系統)時,涉及四個關鍵方面的安全風險,分別是雲端、終端、移動設備應用和通信數據。任何一個方面的安全問題都可能導致用戶敏感數據的洩露。另一個問題是,大多數物聯網設備的升級頻率較低,這使得在短期內難以解決遺留的安全風險。為了應對這些複雜的安全風險,中國的安全公司,如奇虎360、小米、阿里巴巴和騰訊,以及美國的公司,如亞馬遜、谷歌、微軟等,已經投資成立安全團隊進行研究和分析,他們分享的研究結果讓公眾更加了解物聯網設備安全相關的風險。目前,許多物聯網產品供應商已經開始聘請設備評估服務並購買安全防護產品。
作為物聯網生態安全研究項目的直接參與者,我想向任何願意開始物聯網之旅的初學者、物聯網生態系統中的從業者以及安全行業的從業者介紹這本書。本書為初學者提供了物聯網設備滲透測試的關鍵理論和方法;解釋了硬體、韌體和無線協議分析的各種工具和技術;並說明了如何設計安全的物聯網設備系統,同時提供相關的代碼細節。
作者簡介
Qinghao Tang is an expert in the field of virtualization systems and IoT systems. He has discovered numerous security vulnerabilities and been a speaker at several leading security conferences such as HITB 2016, POC 2017, Blackhat 2019, etc.
Fan Du is an expert in the field of Information Security. He is committed to using technology to improve product safety and currently works with passionate team members to design and build a secure IoT ecosystem.
作者簡介(中文翻譯)
Qinghao Tang 是虛擬化系統和物聯網系統領域的專家。他發現了許多安全漏洞,並在多個領先的安全會議上擔任演講者,例如 HITB 2016、POC 2017、Blackhat 2019 等。
Fan Du 是資訊安全領域的專家。他致力於利用技術提升產品安全,並目前與充滿熱情的團隊成員合作,設計和建立一個安全的物聯網生態系統。
