About the talk

There is very little publicly available on working with Z-Wave technology. Speaker presented the tools that can be used to examine how Z-Wave works and explained the security and encryption it uses. Through this journey, speaker saw how it became apparent that the new Z-Wave security standard – S2 – allows a trivial downgrade the older, vulnerable S0 standard. This allows us to intercept keys and command any device on the network. Speaker presented a critique of the Z-Wave standard, highlighting important differences between marketing and reality, leading to the weakening of security for users of the system.



Security Consultant at Pen Test Partners

Andrew has many years of experience in security, mainly working with embedded systems. As the Internet of Things trend developed, he expanded his skills into the realms of web applications and mobile applications. Blogging and documenting his findings rapidly gained him exposure, and a number of high-profile UK companies approached him to test their devices and systems.