by yalogin 3797 days ago
I am surprised the Nest devices allow themselves to be man-in-the-middle'd like this. Why are Nest devices accepting a random (valid) certificate? One would think they will only accept a valid Google certificate, signed by the Google root certificate.

Am I missing something? The article does not mention any software tampering on the device itself.

2 comments

This is a man in the middle on the mobile app, which relies on the certificates on the phone. You just need to add your phony certificate to the OS's trust store. It's an attempt to find any private APIs that the app is using, rather than reverse engineering the protocol between Alphabet and the Nest device.
I've also done something similar with Wireshark and a hotspot off my laptop to find out what API calls an Echo is sending to Amazon. I believe I could see the endpoints, but not the content.