by elahd
1792 days ago
You may be able to intercept a firmware update and load a binary poisoned with your own CA cert. (Lots of factors at play here, of course.) I'm working on a similar problem (https://github.com/elahd/esp2ino/issues/16) with a project I maintain to sideload IoT device firmware (https://github.com/elahd/esp2ino). I've been using both mitmproxy and IOXY (https://github.com/NVISOsecurity/IOXY), an intercepting proxy made specifically for MQTT. IOXY is a small, less mature project, but it's definitely worth checking out as a complement to mitmproxy. Many devices managed via AWS IoT phone home over MQTT and, my limited experience aside, it looks like many don't bother validating certificates when authenticating over this protocol.