Internet of Things Security: Principles and Practice

Over the past few years, Internet of Things has brought great changes to the world. Reports show that, the number of IoT devices is expected to reach 10 billion units within the next three years. The number will continue to rise and wildly use as infrastructure and housewares with each passing day, Therefore, ensuring the safe and stable operation of IoT devices has become more important for IoT manufacturers.

Generally, four key aspects are involved in security risks when users use typical IoT products such as routers, smart speakers, and in-car entertainment systems, which are cloud, terminal, mobile device applications, and communication data. Security issues concerning any of the four may lead to the leakage of user sensitive data. Another problem is that most IoT devices are upgraded less frequently, which leads it is difficult to resolve legacy security risks in short term. In order to cope with such complex security risks, Security Companies in China, such as Qihoo 360, Xiaomi, Alibaba and Tencent, and companies in United States, e.g. Amazon, Google, Microsoft and some other companies have invested in security teams to conduct research and analyses, the findings they shared let the public become more aware of IoT device security-related risks. Currently, many IoT product suppliers have begun hiring equipment evaluation services and purchasing security protection products.

As a direct participant in the IoT ecological security research project, I would like to introduce the book to anyone who is a beginner that is willing to start the IoT journey, practitioners in the IoT ecosystem, and practitioners in the security industry. This book provides beginners with key theories and methods for IoT device penetration testing; explains various tools and techniques for hardware, firmware and wireless protocol analysis; and explains how to design a secure IoT device system, while providing relevant code details.

Qinghao Tang is an expert in the field of virtualization systems and IoT systems. He has discovered numerous security vulnerabilities and been a speaker at several leading security conferences such as HITB 2016, POC 2017, Blackhat 2019, etc.

Fan Du is an expert in the field of Information Security. He is committed to using technology to improve product safety and currently works with passionate team members to design and build a secure IoT ecosystem.