Tang Qinghao, Du Fan. Internet of Things Security: Principles and Practice

Springer, 2021. — 292 p. — ISBN: 9789811599415.Over the past few years, the Internet of Things has brought great changes to the world. Reports show that the number of IoT devices is expected to reach 10 billion units within the next three years. The number will continue to rise and wildly use as infrastructure and housewares with each passing day, Therefore, ensuring the safe and stable operation of IoT devices has become more important for IoT manufacturers.Generally, four key aspects are involved in security risks when users use typical IoT products such as routers, smart speakers, and in-car entertainment systems, which are cloud, terminal, mobile device applications, and communication data. Security issues concerning any of the four may lead to the leakage of user-sensitive data. Another problem is that most IoT devices are upgraded less frequently, which makes it difficult to resolve legacy security risks in the short term. to cope with such complex security risks, Security Companies in China, such as Qihoo 360, Xiaomi, Alibaba, and Tencent, and companies in the United States, e.g. Amazon, Google, Microsoft, and some other companies have invested in security teams to conduct research and analyzes, the findings they shared let the public become more aware of IoT device security-related risks. Currently, many IoT product suppliers have begun hiring equipment evaluation services and purchasing security protection products.As a direct participant in the IoT ecological security research project, I would like to introduce the book to anyone who is a beginner who is willing to start the IoT journey, practitioners in the IoT ecosystem, and practitioners in the security industry. This book provides beginners with key theories and methods for IoT device penetration testing; explains various tools and techniques for hardware, firmware, and wireless protocol analysis; and explains how to design a secure IoT device system while providing relevant code details.