
Ask HN: Any ideas how to approach intercepting my own IoT device SSL traffic? - hippich
I have a Jibo robot. Last year its cloud servers were shut down as the parent company bankrupted, and the robot lost ability to recognize speech (all recognition was happening in the cloud). Recently I decided to turn it on and realized that it suddenly started working again. No news from new owners. Perhaps it is nothing to worry about, but nevertheless I wanted to look into what it is sending and where. I was able to find out domains it uses - these looks legitimate, but I can&#x27;t figure out how to peek into HTTPS traffic there. I already tried self-signed certificate in hopes it will accept it, no luck.<p>Any ideas if there are some vulnerabilities available from up to 2015-2017 in common SSL stack? I would expect it to run Linux, and probably with openssl, but I have no clue which version.
======
1cvmask
Look for Heartbleed:

[https://heartbleed.com/](https://heartbleed.com/)

~~~
hippich
Did not realize it can be exploited against clients as well. Thanks!
Unfortunately, looks like it is not vulnerable to it. Perhaps at some point
they upgraded libraries.

