Carve has been hacking IoT device since… well, before they were called “IoT”! Believe us: we’re tired of raising the alarm about IoT insecurity, too. We’re going to walk you through some of the coolest bugs we’ve responsibly disclosed to manufacturers and how we go about this daunting task. How do you balance a) the consumer’s right to know that they’ve got a gaping hole in their device with b) the vendor’s time to patch and update? We’ll also share our approach to dealing with unresponsive vendors and time sensitive disclosures.
Max has extensively researched and responsibly disclosed vulnerabilities in contactless payment systems, mass transit access control, and mobile applications. Before working in security, he designed high speed trading algorithms and worked in commodities. Max is a licensed HAM operator and contributes chapters to several best selling Linux books. He has presented his research at ShmooCon, CanSecWest, EuSecWest, Derbycon, SOURCE: Boston, and various local conferences.