Matt Brown is a hardware and IoT security researcher. He joins Chris to talk about best practices for securing hardware that talks to the internet and share stories of products that didn't pass muster.
Welcome Matt Brown of Brown Fine Security!
- Matt has been reverse engineering a “smart” smoker controller that talks back to AWS IOT
- Jeff Geerling talking about his dishwasher
- Storing private keys on the device??
- Threat models
- Key rotation
- What is the best case scenario for an IoT device?
- Secure boot / trust zone
- Keys encrypt flash storage
- Chris has designed in the ATECC608 before
- Replacing Certificate Authority (CA) cert in grill firmware
- Matt has a Linux hardware / reverse engineering background
- Flash is always external
- Ghidra / idapro / binwalk
- Security cameras are 99% linux based (battery based cameras might be embedded)
- Best practices
- Encrypted firmware
- hidden uart / jtag
- Keys
- Are linux devices “worth more” to a security researcher?
- CVSS risk scoring system
- Attack vector
- Vulnerabilities are better if it can be a remote executed
- Linux devices have more compute
- Bluetoothe LE
- Ability to enumerate
- Scale reverse engineering
- Chris has discussed the silliness of a bluetooth toothbrush on the show before
- Tools / Software of the trade
- xgeku firmware reader
- picoemp
- PCBite
- Saleae
- SDR USRP B200
- Universal radio hacker
- Stick-to-it-ness
- Matt just came back from hardwear.io, one of his new favorite conferences
- Find Matt at the embedded systems village at DEF CON
- Follow Matt via his YouTube channel
- Matt has a new IoT Security newsletter starting up