Practical Iot Hacking: The Definitive Guide to Attacking the Internet of Things (Paperback)

Chantzis, Fotios, Stais, Ioannis, Calderon, Paulino

買這商品的人也買了...

商品描述

The definitive guide to hacking the world of the Internet of Things (IoT) -- Internet connected devices such as medical devices, home assistants, smart home appliances and more.

Geared towards security researchers, IT teams, and penetration testers, application testers, developers, and IT administrators, this book teaches you how to get started with hacking Internet connected devices. You'll dig deep into technical (and related legal) issues, as you learn what kinds of devices to use as hacking tools and which make the best targets. The authors, all experts in the field, cover the kinds of vulnerabilities found in IoT devices, explain how to exploit their network protocols, and how to leverage security flaws and certain hardware interfaces found in the physical devices themselves.

The book begins with threat modeling and a security testing methodology, then covers how to attack hardware interfaces such as UART, I C, SPI, JTAG / SWD and IoT network protocols like UPnP, WS-Discovery, mDNS, DNS-SD, RTSP / RTCP / RTP, LoRa / LoRaWAN, Wi-Fi / Wi-Fi Direct, RFID / NFC, BLE, MQTT, CDP and DICOM. Examples throughout offer custom code designed to demonstrate specific vulnerabilities and tools to help readers reproduce the attacks. Practical IoT Hacking is full of practical exercises and hands-on examples taken from the authors' own research that teach you things like how to bypass the authentication of an STM32F103 device (black pill) through SWD; reverse firmware; exploit zero-configuration networking; use low-cost equipment to capture LoRa network traffic; analyze IoT companion mobile apps, take over and remotely control an Android based treadmill, jam wireless devices such as home alarm systems, hijack Bluetooth Low Energy connections and how to circumvent modern RFID and NFC enabled smart door locks.

商品描述(中文翻譯)

「實用物聯網入侵指南」是一本針對物聯網(IoT)世界的入侵指南,該世界包括醫療設備、家庭助手、智能家居電器等連接到互聯網的設備。

本書主要針對安全研究人員、IT團隊、滲透測試人員、應用程式測試人員、開發人員和IT管理人員,教授如何開始入侵物聯網設備。您將深入研究技術(以及相關法律)問題,了解哪些設備可用作入侵工具,以及哪些設備最容易成為目標。作者們都是該領域的專家,他們介紹了物聯網設備中存在的漏洞類型,解釋了如何利用其網絡協議,以及如何利用物理設備本身的安全漏洞和特定硬件接口。

本書首先介紹了威脅建模和安全測試方法,然後介紹了如何攻擊硬件接口,例如UART、I C、SPI、JTAG / SWD,以及物聯網網絡協議,如UPnP、WS-Discovery、mDNS、DNS-SD、RTSP / RTCP / RTP、LoRa / LoRaWAN、Wi-Fi / Wi-Fi Direct、RFID / NFC、BLE、MQTT、CDP和DICOM。書中的示例提供了定制代碼,用於演示特定漏洞和工具,以幫助讀者重現攻擊。「實用物聯網入侵指南」充滿了實際練習和作者自己研究的實際示例,教授讀者如何通過SWD繞過STM32F103設備(黑色藥丸)的身份驗證;逆向固件;利用零配置網絡;使用低成本設備捕獲LoRa網絡流量;分析物聯網配套移動應用程序;接管並遠程控制基於Android的跑步機;干擾家庭報警系統等無線設備;劫持藍牙低功耗連接;以及如何規避現代RFID和NFC智能門鎖的安全措施。

作者簡介

Fotios (Fotis) Chantzis is laying the foundation for a safe and secure Artificial General Intelligence (AGI) at OpenAI. Previously, he worked as a principal information security engineer at Mayo Clinic, where he managed and conducted technical security assessments on medical devices, clinical support systems, and critical healthcare infrastructure.

Ioannis Stais is a senior IT security researcher and head of red teaming at CENSUS S.A., a company that offers specialized cybersecurity services. He has participated in dozens of security assessment projects, including the assessment of communication protocols, web and mobile banking services, ATMs and point-of-sale systems, and critical medical appliances.

Paulino Calderon is a published author and international speaker with over 12 years of experience in network and application security. When he isn't traveling to security conferences or consulting for Fortune 500 companies with Websec, a company he co-founded in 2011, he spends peaceful days enjoying the beach in Cozumel, Mexico.


Evangelos Deirmentzoglou is an information security professional interested in solving security problems at scale. He led and structured the cybersecurity capability of the financial tech startup Revolut. A member of the open-source community since 2015, he has made multiple contributions to Nmap and Ncrack.

Beau Woods is a cyber safety innovation fellow with the Atlantic Council and a leader with the I Am The Cavalry grassroots initiative. He is also the founder and CEO of Stratigos Security and sits on the board of several nonprofits. Beau is a published author and frequent public speaker.

作者簡介(中文翻譯)

Fotios (Fotis) Chantzis 在 OpenAI 為安全的人工通用智能 (AGI) 打下基礎。之前,他在 Mayo Clinic 擔任首席資訊安全工程師,負責管理和進行醫療設備、臨床支援系統和關鍵醫療基礎設施的技術安全評估。

Ioannis Stais 是一位資深 IT 安全研究員,也是 CENSUS S.A. 的紅隊負責人,該公司提供專業的網絡安全服務。他參與了數十個安全評估項目,包括通信協議、網銀服務、自動提款機和銷售點系統以及關鍵醫療設備的評估。

Paulino Calderon 是一位發表過作品的作者和國際演講者,擁有超過 12 年的網絡和應用安全經驗。當他不在參加安全會議或為他於 2011 年共同創辦的 Websec 為財富 500 強公司提供諮詢服務時,他會在墨西哥的 Cozumel 海灘度過寧靜的日子。

Evangelos Deirmentzoglou 是一位對解決大規模安全問題感興趣的資訊安全專業人士。他領導並結構化了金融科技初創公司 Revolut 的網絡安全能力。自 2015 年以來,他一直是開源社區的成員,並對 Nmap 和 Ncrack 做出了多次貢獻。

Beau Woods 是大西洋理事會的網絡安全創新研究員,也是 I Am The Cavalry 基層倡議的領導者。他還是 Stratigos Security 的創始人兼首席執行官,並擔任多個非營利組織的董事會成員。Beau 是一位發表過作品並經常公開演講的作者。