#698 – Hardware Security with Matt Brown
- Author
- The Amp Hour (Chris Gammell and David L Jones)
- Published
- Thu 17 Jul 2025
- Episode Link
- https://theamphour.com/698-hardware-security-with-matt-brown/
Welcome Matt Brown of Brown Fine Security!
- Matt has been reverse engineering a “smart” smoker controller that talks back to AWS IOT
- Jeff Geerling talking about his dishwasher
- Storing private keys on the device??
- Threat models
- Key rotation
- What is the best case scenario for an IoT device?
- Secure boot / trust zone
- Keys encrypt flash storage
- Chris has designed in the ATECC608 before
- Replacing Certificate Authority (CA) cert in grill firmware
- Matt has a Linux hardware / reverse engineering background
- Flash is always external
- Ghidra / idapro / binwalk
- Security cameras are 99% linux based (battery based cameras might be embedded)
- Best practices
- Encrypted firmware
- hidden uart / jtag
- Keys
- Are linux devices “worth more” to a security researcher?
- CVSS risk scoring system
- Attack vector
- Vulnerabilities are better if it can be a remote executed
- Linux devices have more compute
- Bluetoothe LE
- Ability to enumerate
- Scale reverse engineering
- Chris has discussed the silliness of a bluetooth toothbrush on the show before
- Tools / Software of the trade
- xgeku firmware reader
- picoemp
- PCBite
- Saleae
- SDR USRP B200
- Universal radio hacker
- Stick-to-it-ness
- Matt just came back from hardwear.io, one of his new favorite conferences
- Find Matt at the embedded systems village at DEF CON
- Follow Matt via his YouTube channel
- Matt has a new IoT Security newsletter starting up
