37C3 - Finding Vulnerabilities in Internet-Connected Devices

  Рет қаралды 26,734

media.ccc.de

media.ccc.de

Күн бұрын

media.ccc.de/v...
A Beginner’s Guide
This introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.
In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices.
We'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too.
By the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them.
All the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023.
Pascal Zenker
Christoph Wolff
events.ccc.de/...
#37c3 #Security

Пікірлер: 16
@minleyfox5231
@minleyfox5231 Жыл бұрын
Top Vortrag! Sehr informativ, vielen Dank 👍
@nonesuchtofu
@nonesuchtofu Жыл бұрын
super spannend - vielen dank!!! :)
@astarothgr
@astarothgr Жыл бұрын
Yep, that's the stuff! Good talk!
@DaGhost141
@DaGhost141 11 ай бұрын
good talk to get into the whole subject!
@niklas2810
@niklas2810 Жыл бұрын
Very interesting talk, thanks a lot!
@kl1617
@kl1617 Жыл бұрын
Of course you ran Doom on it! Love it.
@tuskiie
@tuskiie Жыл бұрын
fire talk!
@AlgoNudger
@AlgoNudger Жыл бұрын
So fun.
@vk3fbab
@vk3fbab Жыл бұрын
Nice work guys. Imagine what phun you could have if you could get your own custom firmware running on it.
@jaypee112233
@jaypee112233 11 ай бұрын
Bbbf fschrieb. Die ebeee eeee😅😅b😅
@OliverTacke
@OliverTacke Жыл бұрын
Nice!
@MrMBSonic
@MrMBSonic Жыл бұрын
21:53 😂 Made my day 😂
@timkoehler3669
@timkoehler3669 Жыл бұрын
Ohh man, immer noch das alte Standard Admin Passwort (das war es schon beim ersten Polycom Telefon). Ich war früher bei snom Produktmanager (viele viele Jahre ist es her), ich habe gegen das Murren einiger Kollegen durchgesetzt, dass das Telefon im Webinterface UND im Display vom Telefon anzeigt wenn das Admin Passwort NICHT gesetzt ist. Es gab zwar die Option die Warnung zu unterdrücken aber wer das macht ist halt selber schuld . . .
@LamLe-fx7lm
@LamLe-fx7lm Жыл бұрын
Sir!
@cancername
@cancername Жыл бұрын
22:18 "... they check for any unwanted characters..." No! Bad Polycom! This is exactly the wrong way to "fix" this, quote the arguments instead.
37C3 - Self-cannibalizing AI
53:37
37C3 - Self-cannibalizing AI
media.ccc.de
Рет қаралды 8 М.
37C3 - Writing secure software
46:39
37C3 - Writing secure software
media.ccc.de
Рет қаралды 42 М.
🎄✨ Puff is saving Christmas again with his incredible baking skills! #PuffTheBaker #thatlittlepuff
00:42
🎄✨ Puff is saving Christmas again with his incredible baking skills! #PuffTheBaker #thatlittlepuff
That Little Puff
Рет қаралды 24 МЛН
REAL or FAKE? #beatbox #tiktok
01:03
REAL or FAKE? #beatbox #tiktok
BeatboxJCOP
Рет қаралды 18 МЛН
人是不能做到吗?#火影忍者 #家人 #佐助
00:20
人是不能做到吗?#火影忍者 #家人 #佐助
火影忍者一家
Рет қаралды 20 МЛН
SHK TV - We have a new robot - Be nice to people around you #shorts #sadstory #SHK
00:46
SHK TV - We have a new robot - Be nice to people around you #shorts #sadstory #SHK
SHK TV
Рет қаралды 14 МЛН
DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)
29:31
DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)
Flashback Team
Рет қаралды 291 М.
DEF CON 32 - Hacking Millions of Modems and Investigating Who Hacked My Modem - Sam Curry
24:58
DEF CON 32 - Hacking Millions of Modems and Investigating Who Hacked My Modem - Sam Curry
DEFCONConference
Рет қаралды 53 М.
Local Admin in less than 60 seconds #BSidesBUD2024
30:07
Local Admin in less than 60 seconds #BSidesBUD2024
BSides Budapest IT Security Conference
Рет қаралды 1,7 М.
38C3 - Hacking the RP2350
57:15
38C3 - Hacking the RP2350
media.ccc.de
Рет қаралды 4,3 М.
37C3 - Sucking dust and cutting grass: reversing robots and bypassing security
1:11:33
37C3 - Sucking dust and cutting grass: reversing robots and bypassing security
media.ccc.de
Рет қаралды 10 М.
Real-world exploits and mitigations in LLM applications (37c3)
42:35
Real-world exploits and mitigations in LLM applications (37c3)
Embrace The Red
Рет қаралды 25 М.
38C3 - Liberating Wi-Fi on the ESP32
38:55
38C3 - Liberating Wi-Fi on the ESP32
media.ccc.de
Рет қаралды 4 М.
37C3 - Tractors, Rockets and the Internet in Belarus
43:05
37C3 - Tractors, Rockets and the Internet in Belarus
media.ccc.de
Рет қаралды 9 М.
37C3 - All cops are broadcasting
1:03:55
37C3 - All cops are broadcasting
media.ccc.de
Рет қаралды 156 М.
DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini
54:12
DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini
DEFCONConference
Рет қаралды 146 М.
🎄✨ Puff is saving Christmas again with his incredible baking skills! #PuffTheBaker #thatlittlepuff
00:42
🎄✨ Puff is saving Christmas again with his incredible baking skills! #PuffTheBaker #thatlittlepuff
That Little Puff
Рет қаралды 24 МЛН