IoT security is something of a conundrum. The team at Pen Test Partners publish independent research into the security of numerous smart devices, exposing poor security practice by device manufacturers. Sadly, it’s often consumers that are the victims of this inattention to security.
Ken looks after vulnerability disclosure at Pen Test Partners and influences government policy on IoT cyber security. Whilst some disclosures are successful, the majority are a train wreck. Watching vendors try to ignore contact from researchers, fumble or try to silence the process led him to work with regulators in an effort to fix the problems at source. He considers carrot and stick the only way to resolve smart product security.
The work of his team on My Friend Cayla, the vulnerable talking kids’ doll, was cited as one of the catalysts for California Senate Bill 327, regulating IoT security for California residents. He’s briefed US government departments and spoken at TEDx, DEF CON villages, RSA, Black Hat, BSides and numerous other security events. If you want his attention, just market your smart device as ‘unhackable’. Ken is also a member of the CVE Board.