Syntax - Tasty Web Development Treats 963: Hardware Hacking with Matt Brown
21 snips
Dec 15, 2025 Join Matt Brown, a YouTuber and security consultant specializing in hardware and IoT penetration testing, as he dives into the fascinating world of hacking everyday devices. He reveals his curiosity-driven journey and shares methods for extracting firmware and cracking passwords. Legal boundaries and ethics of hacking are discussed, along with entertaining stories of his wild hacks, like escaping in-flight displays. Plus, Matt offers insights on using logic analyzers and smart home security practices, bringing a captivating mix of tech and storytelling.
AI Snips
Chapters
Books
Transcript
Episode notes
TLS Hides IoT Endpoints
- Many IoT devices use TLS so passive network capture only reveals hostnames, not endpoints.
- Gaining device trust (installing a CA) lets you intercept and read full API requests and responses.
Intercept Encrypted Device Traffic
- If you control the device, add a custom CA certificate to its trust store to enable TLS interception.
- Use a transparent intercepting proxy and route device traffic through it to observe requests and responses.
Two Distinct IoT Classes
- IoT devices split into Linux-based systems and microcontroller-based devices with different tooling.
- Linux devices (routers, cameras) often run C/C++ daemons and are more straightforward to analyze than low-power MCU firmware.
