DEF CON 27 - Intro to Embedded Hacking-How you can find a decade old bug in widely deployed devices
From small business to large enterprise, VOIP phones can be found on nearly every desk. But how secure are they? What if your phone was spying on every conversation you have?
This talk is an introduction to hardware hacking and as a case study I'll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I'll use it to introduce the tools and methodology needed to answer these questions.
During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device's firmware.
Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.
Intro to Embedded Hacking-How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.
Видео DEF CON 27 - Intro to Embedded Hacking-How you can find a decade old bug in widely deployed devices канала HackersOnBoard
This talk is an introduction to hardware hacking and as a case study I'll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I'll use it to introduce the tools and methodology needed to answer these questions.
During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device's firmware.
Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.
Intro to Embedded Hacking-How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.
Видео DEF CON 27 - Intro to Embedded Hacking-How you can find a decade old bug in widely deployed devices канала HackersOnBoard
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![](https://i.ytimg.com/vi/K09lKja5YNk/default.jpg)
![Hacking a Professional Drone](https://i.ytimg.com/vi/JRVb-xE1zTI/default.jpg)
![DEF CON 27 - Pedro Cabrera Camara - SDR Against Smart TVs URL and Channel Injection Attacks](https://i.ytimg.com/vi/t8WwRiQyFMI/default.jpg)
![Hack All The Things: 20 Devices in 45 Minutes](https://i.ytimg.com/vi/h5PRvBpLuJs/default.jpg)
![Getting Things Done - How to Get MASSIVE Loads of Work Done EVERY DAY](https://i.ytimg.com/vi/4IQR4mKUOg8/default.jpg)
![Breaking into Embedded Devices and IoT Security - Andrew Costis](https://i.ytimg.com/vi/YfXNqj2-WQk/default.jpg)
![Spec Hack! Breaking the Bandwidth Barrier with Your Oscilloscope](https://i.ytimg.com/vi/S8eSDjyRceg/default.jpg)
![Jesper Larsson Hacking embedded Systems for fun and profit](https://i.ytimg.com/vi/XaHhoflKzAE/default.jpg)
![Intro to hardware security: UART access and SPI firmware extraction](https://i.ytimg.com/vi/YD6ODeER8qM/default.jpg)
![DEF CON 26 - Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86](https://i.ytimg.com/vi/jmTwlEh8L7g/default.jpg)
![DEF CON Safe Mode IoT Village - Deral Heiland - Getting Started Building an IoT Hardware Hacking Lab](https://i.ytimg.com/vi/ztYnPAl3kCE/default.jpg)
![DEF CON 24 - Universal Serial aBUSe: Remote Physical Access Attacks](https://i.ytimg.com/vi/QLEpwra_9o8/default.jpg)
![Radio Hacking: Cars, Hardware, and more! - Samy Kamkar - AppSec California 2016](https://i.ytimg.com/vi/1RipwqJG50c/default.jpg)
![Starter Kit: Hardware Hacking](https://i.ytimg.com/vi/er0QfqjygBk/default.jpg)
![[:RE-0x06:] Microcontroller's Hacking Time](https://i.ytimg.com/vi/hqx8I0B6LRI/default.jpg)
![DEF CON 26 - Seamus Burke - A Journey Into Hexagon Dissecting a Qualcomm Baseband](https://i.ytimg.com/vi/U_awEXRp72k/default.jpg)
![DEF CON 27 - Xiaolong Bai - HackPac Hacking Pointer Authentication in iOS User Space](https://i.ytimg.com/vi/KFjqJklkgFM/default.jpg)
![Tutorial: Using Bus Pirate to program I2C RTC](https://i.ytimg.com/vi/eWoG4V59R0M/default.jpg)
![DEF CON 26 - zerosum0x0 - Demystifying MS17 010 Reverse Engineering the ETERNAL Exploits](https://i.ytimg.com/vi/HsievGJQG0w/default.jpg)
![DEF CON 24 - Hacking Next-Gen ATM's From Capture to Cashout](https://i.ytimg.com/vi/1iPAzBcMmqA/default.jpg)