The Amp Hour Electronics Podcast

#698 – Hardware Security with Matt Brown

Welcome Matt Brown of Brown Fine Security!

  • Matt has been reverse engineering a “smart” smoker controller that talks back to AWS IoT
  • Jeff Geerling talking about his dishwasher
  • Storing private keys on the device??
  • Threat models
  • Key rotation
  • What is the best case scenario for an IoT device?
  • Secure boot / TrustZone
  • Keys encrypt flash storage
  • Chris has designed in the ATECC608 before
  • Replacing Certificate Authority (CA) cert in grill firmware
  • Matt has a Linux hardware / reverse engineering background
  • Flash is always external
  • Ghidra / IDA Pro / binwalk
  • Security cameras are 99% Linux-based (battery-based cameras might be embedded)
  • Best practices
  • Encrypted firmware
  • Hidden UART / JTAG
  • Keys
  • Are Linux devices “worth more” to a security researcher?
  • CVSS risk scoring system
  • Attack vector
  • Vulnerabilities are better if they can be remotely executed
  • Linux devices have more compute
  • Bluetooth LE
  • Ability to enumerate
  • Scale reverse engineering
  • Chris has discussed the silliness of a Bluetooth toothbrush on the show before
  • Tools / Software of the trade
    • XGecu firmware reader
    • PicoEMP
    • PCBite
    • Saleae
    • SDR USRP B200
    • Universal Radio Hacker
    • Stick-to-it-ness
  • Matt just came back from hardwear.io, one of his new favorite conferences
  • Find Matt at the Embedded Systems Village at DEF CON
  • Follow Matt via his YouTube channel
  • Matt has a new IoT Security newsletter starting up

The Amp Hour Electronics Podcast, by The Amp Hour (Chris Gammell and David L Jones)