Sign up to save your podcasts
Or
Share #554: WHY Your Cheap Chinese IoT Camera Is A Network NIGHTMARE
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
#554: WHY Your Cheap Chinese IoT Camera Is A Network NIGHTMARE
Are your smart home devices spying on you? In this video, David Bombal interviews cybersecurity researcher and IoT penetration tester, Matt Brown, to reveal how to intercept and decrypt supposedly secure SSL/TLS traffic from IoT devices.
Matt demonstrates his open-source tool, "Man in the Middle Router," a specialized Linux-based bash script designed to simplify IoT hardware hacking labs. This tool stitches together essential Linux utilities—including HostAPD (for access points), DNSmasq (for DHCP), and iptables (for traffic routing)—to transform any Linux computer or Raspberry Pi into a transparent intercepting router. In this technical deep-dive, you will learn: How a Man in the Middle (MITM) attack intercepts encrypted TLS (HTTPS) communications.
How to set up an IoT penetration testing lab using minimal hardware, such as an Alpha Wi-Fi adapter and an Ethernet dongle. The difference between theoretical attacks and real-world vulnerabilities like the failure of IoT devices to validate server certificates. Transparent proxy setup using tools like mitmproxy to visualize raw API data.
Live Hacking Demonstration Matt moves beyond theory to demonstrate a live hack of an Anran Wi-Fi security camera purchased from eBay. He shows the exact process of capturing and decrypting the camera's API traffic (apis.us-west.cloudedge360.com). This demonstration exposes that the device is transmitting sensitive information—including authentication credentials—in cleartext over HTTP inside the broken TLS tunnel.
Whether you are a network engineer, network security analyst, or a hardware hacking enthusiast, this video provides a step-by-step framework for auditing the security and privacy of the devices on your network.
// Matt Brown’s SOCIAL //
X: https://x.com/nmatt0
YouTube: / @mattbrwn
LinkedIn: / mattbrwn
GitHub: https://github.com/nmatt0
Reddit: https://github.com/nmatt0
Website (with training courses): https://training.brownfinesecurity.com/
// GitHub REFERENCE //
mitmrouter: https://github.com/nmatt0/mitmrouter
// Camera REFERECE //
https://www.amazon.com/ANRAN-Security...
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]
// MENU //
0:00 - Coming Up
0:33 - Introduction
02:33 - Matt’s Solution for IoT Devices
05:38 - Getting around SSL Pining / Certificate Validation
08:55 - Demo - The Basics
12:00 - Demo - Man In The Middle Router Tool
15:00 - Demo - Software/Hardware Considerations
20:12 - Demo - MITM Proxy
24:43 - Demo - MITM Router
33:58 - Example Using a Real IoT Device
36:33 - David’s Questions
37:50 - More About Matt Brown
38:41 - Android Vs Apple
40:33 - Outro
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#iot #hacking #iothacking
View all episodes
By David Bombal
5
2424 ratings
Are your smart home devices spying on you? In this video, David Bombal interviews cybersecurity researcher and IoT penetration tester, Matt Brown, to reveal how to intercept and decrypt supposedly secure SSL/TLS traffic from IoT devices.
Matt demonstrates his open-source tool, "Man in the Middle Router," a specialized Linux-based bash script designed to simplify IoT hardware hacking labs. This tool stitches together essential Linux utilities—including HostAPD (for access points), DNSmasq (for DHCP), and iptables (for traffic routing)—to transform any Linux computer or Raspberry Pi into a transparent intercepting router. In this technical deep-dive, you will learn: How a Man in the Middle (MITM) attack intercepts encrypted TLS (HTTPS) communications.
How to set up an IoT penetration testing lab using minimal hardware, such as an Alpha Wi-Fi adapter and an Ethernet dongle. The difference between theoretical attacks and real-world vulnerabilities like the failure of IoT devices to validate server certificates. Transparent proxy setup using tools like mitmproxy to visualize raw API data.
Live Hacking Demonstration Matt moves beyond theory to demonstrate a live hack of an Anran Wi-Fi security camera purchased from eBay. He shows the exact process of capturing and decrypting the camera's API traffic (apis.us-west.cloudedge360.com). This demonstration exposes that the device is transmitting sensitive information—including authentication credentials—in cleartext over HTTP inside the broken TLS tunnel.
Whether you are a network engineer, network security analyst, or a hardware hacking enthusiast, this video provides a step-by-step framework for auditing the security and privacy of the devices on your network.
// Matt Brown’s SOCIAL //
X: https://x.com/nmatt0
YouTube: / @mattbrwn
LinkedIn: / mattbrwn
GitHub: https://github.com/nmatt0
Reddit: https://github.com/nmatt0
Website (with training courses): https://training.brownfinesecurity.com/
// GitHub REFERENCE //
mitmrouter: https://github.com/nmatt0/mitmrouter
// Camera REFERECE //
https://www.amazon.com/ANRAN-Security...
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: / @davidbombal
Spotify: open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: podcasts.apple.com/us/podcast...
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]
// MENU //
0:00 - Coming Up
0:33 - Introduction
02:33 - Matt’s Solution for IoT Devices
05:38 - Getting around SSL Pining / Certificate Validation
08:55 - Demo - The Basics
12:00 - Demo - Man In The Middle Router Tool
15:00 - Demo - Software/Hardware Considerations
20:12 - Demo - MITM Proxy
24:43 - Demo - MITM Router
33:58 - Example Using a Real IoT Device
36:33 - David’s Questions
37:50 - More About Matt Brown
38:41 - Android Vs Apple
40:33 - Outro
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#iot #hacking #iothacking
More shows like David Bombal
View all
Hacked
187 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners
Hacker And The Fed
168 Listeners