The Amp Hour Electronics Podcast

#698 – Hardware Security with Matt Brown

Listen Later

Welcome Matt Brown of Brown Fine Security!

  • Matt has been reverse engineering a “smart” smoker controller that talks back to AWS IOT
  • Jeff Geerling talking about his dishwasher
  • Storing private keys on the device??
  • Threat models
  • Key rotation
  • What is the best case scenario for an IoT device?
  • Secure boot / trust zone
  • Keys encrypt flash storage
  • Chris has designed in the ATECC608 before
  • Replacing Certificate Authority (CA) cert in grill firmware
  • Matt has a Linux hardware / reverse engineering background
  • Flash is always external
  • Ghidra / idapro / binwalk
  • Security cameras are 99% linux based (battery based cameras might be embedded)
  • Best practices
  • Encrypted firmware
  • hidden uart / jtag
  • Keys
  • Are linux devices “worth more” to a security researcher?
  • CVSS risk scoring system
  • Attack vector
  • Vulnerabilities are better if it can be a remote executed
  • Linux devices have more compute
  • Bluetoothe LE
  • Ability to enumerate
  • Scale reverse engineering
  • Chris has discussed the silliness of a bluetooth toothbrush on the show before
  • Tools / Software of the trade
    • xgeku firmware reader
    • picoemp
    • PCBite
    • Saleae
    • SDR USRP B200
    • Universal radio hacker
    • Stick-to-it-ness
    • Matt just came back from hardwear.io, one of his new favorite conferences
    • Find Matt at the embedded systems village at DEF CON
    • Follow Matt via his YouTube channel
    • Matt has a new IoT Security newsletter starting up
      • ...more
      View all episodesView all episodes
      Download on the App Store
      The Amp Hour Electronics PodcastBy The Amp Hour (Chris Gammell and David L Jones)
      • 4.9
      • 4.9
      • 4.9
      • 4.9
      • 4.9

      4.9

      226 ratings

      More shows like The Amp Hour Electronics Podcast

      View all
      Security Now (Audio) by TWiT

      Security Now (Audio)

      2,001 Listeners

      Risky Business by Patrick Gray

      Risky Business

      369 Listeners

      The Changelog: Software Development, Open Source by Changelog Media

      The Changelog: Software Development, Open Source

      288 Listeners

      Accidental Tech Podcast by Marco Arment, Casey Liss, John Siracusa

      Accidental Tech Podcast

      2,127 Listeners

      Embedded by Logical Elegance

      Embedded

      189 Listeners

      LINUX Unplugged by Jupiter Broadcasting

      LINUX Unplugged

      265 Listeners

      Software Engineering Daily by Software Engineering Daily

      Software Engineering Daily

      625 Listeners

      The Quanta Podcast by Quanta Magazine

      The Quanta Podcast

      526 Listeners

      Late Night Linux by The Late Night Linux Family

      Late Night Linux

      164 Listeners

      Home Assistant Podcast by HK Media

      Home Assistant Podcast

      70 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      7,978 Listeners

      Physics World Weekly Podcast by Physics World

      Physics World Weekly Podcast

      77 Listeners

      Hackaday Podcast by Hackaday

      Hackaday Podcast

      63 Listeners

      2.5 Admins by The Late Night Linux Family

      2.5 Admins

      99 Listeners

      Oxide and Friends by Oxide Computer Company

      Oxide and Friends

      59 Listeners