Recon 2024

Breaking Z-Waves: How we use Symbolic Execution to find Critical RF Vulnerabilities
06-28, 11:00–12:00 (US/Eastern), Grand Salon

New IoT Radio Frequency protocols like ZigBee, Z-Wave, OpenThread, and Amazon Sidewalk are becoming ubiquitous. While these protocols make our lives easier in many ways, they also represent an interesting cyber-security challenge: as an industry we're adding all kinds of complex and novel RF attack surface to IoT devices within our homes and neighborhoods.

In this talk we'll explore how we're securing that new attack surface at Amazon Element55. We'll bring you along on our journey from initial experiments with bug hunting in the Amazon Sidewalk protocol stack using symbolic execution tools like CBMC and KLEE, explore some of the challenges we faced along the way with symbolic tools, and finally walk you through the discovery of a group of new critical vulnerabilities in the implementation of the SiLabs Z-Wave protocol.

Oliver Lavery's interest in security was born in the Montreal BBS scene, and came of age when he discovered anyone could dial into DATAPAC...

Today he's a Sr. Security Engineer at Element55, Amazon Devices and Services' vulnerability research team. He has a few decades of experience in defensive and offensive software security, reverse engineering, and vulnerability research for clients in hi-tech, finance, and critical infrastructure.