Critical Thinking - Bug Bounty Podcast

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Dec 18, 2025
Matt Brown, a hardware security researcher focused on IoT and embedded devices, dives into the intricacies of hacking robots and AI security. He shares his insights on hardware bug bounty payouts and the evolving landscape of humanoid robots, which present unique security challenges. Brown also discusses his Zero-to-Hero Hardware Hacking Guide, the nuances of firmware extraction, and the creation of automated hackbots for IoT devices. His expertise illuminates the potential risks and techniques in a future where AI and physical devices intersect.
ANECDOTE

Incremental Session Token Exposure

  • Matt Brown found an incremental session token in an industrial control device that could be guessed to access other sessions.
  • The UDP protocol sent tokens in cleartext, which let him remotely view other people's control systems.

ADVICE

Demand Higher Rewards For Hardware Work

  • Expect higher payouts for hardware bounties and factor device complexity into your time estimate.
  • Prioritize programs that explicitly reward hardware skills to avoid being shortchanged.

INSIGHT

Hardware Bounties Lead Fast To Private Invites

  • Hardware programs are fewer, but private invites follow fast once you prove hardware competency.
  • Early public findings often unlock valuable private program access and specialized devices.