Investigating the Wink Hub 2

SensePost researchers performed a hardware teardown and security analysis of the Wink Hub 2, documenting board-level access, UART boot logs, enabled Secure/High Assurance Boot, and exposed services (HTTP, MQTT). They attempted multiple bypass methods — NAND glitching, JTAG, electromagnetic fault injection, USB boot attempts, and TLS interception — observing protections such as HAB, image signature verification, and pinned public keys that prevented remote or persistent compromise; unauthenticated local MQTT and various unverified attack surfaces are noted as potential risks and future research targets.