Tony Gee
Associate Partner
Pen Test Partners

Tony has over 13 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor.

Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.

How to exploit millions of IoT devices, sticking plasters over systemic flaws in IoT

We look at hundreds of devices a year and have noticed a troubling trend, a trend towards systemic flaws affecting not one device, but millions of devices. As manufacturers rush to outsource development external development shops are reusing code again and again to speed up development we are seeing the same flawed code with basic vulnerabilities repeated time and time again. Insecure Direct Object References affecting millions of devices, reused vulnerable firmware leading to remote device compromise, the list of issues keep stacking up. This talk will explore some of these issues and highlight how developers can fix issues, but more importantly how to ensure they don’t allow the issues to make it to market.