Letting the Crap Out of the Bag: Adventures Disclosing IoT Bugs presented at BsidesROC 2016

by Max Sobell,

Summary : Carve has been hacking IoT device since… well, before they were called “IoT”! Believe us: we’re tired of raising the alarm about IoT insecurity, too. We’re going to walk you through some of the coolest bugs we’ve responsibly disclosed to manufacturers and how we go about this daunting task. How do you balance a) the consumer’s right to know that they’ve got a gaping hole in their device with b) the vendor’s time to patch and update? We’ll also share our approach to dealing with unresponsive vendors and time sensitive disclosures.