37C3 - Finding Vulnerabilities in Internet-Connected Devices

Sdílet
Vložit
  • čas přidán 26. 08. 2024
  • media.ccc.de/v...
    A Beginner’s Guide
    This introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.
    In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices.
    We'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too.
    By the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them.
    All the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023.
    Pascal Zenker
    Christoph Wolff
    events.ccc.de/...
    #37c3 #Security

Komentáře • 16

  • @minleyfox5231
    @minleyfox5231 Před 7 měsíci +13

    Top Vortrag! Sehr informativ, vielen Dank 👍

  • @astarothgr
    @astarothgr Před 7 měsíci +4

    Yep, that's the stuff! Good talk!

  • @nonesuchtofu
    @nonesuchtofu Před 7 měsíci +7

    super spannend - vielen dank!!! :)

  • @DaGhost141
    @DaGhost141 Před 6 měsíci +1

    good talk to get into the whole subject!

  • @tuskiie
    @tuskiie Před 7 měsíci +4

    fire talk!

  • @niklas2810
    @niklas2810 Před 7 měsíci +2

    Very interesting talk, thanks a lot!

  • @kl1617
    @kl1617 Před 7 měsíci +1

    Of course you ran Doom on it! Love it.

  • @timkoehler3669
    @timkoehler3669 Před 7 měsíci +2

    Ohh man, immer noch das alte Standard Admin Passwort (das war es schon beim ersten Polycom Telefon).
    Ich war früher bei snom Produktmanager (viele viele Jahre ist es her), ich habe gegen das Murren einiger Kollegen durchgesetzt, dass das Telefon im Webinterface UND im Display vom Telefon anzeigt wenn das Admin Passwort NICHT gesetzt ist. Es gab zwar die Option die Warnung zu unterdrücken aber wer das macht ist halt selber schuld . . .

  • @vk3fbab
    @vk3fbab Před 7 měsíci +10

    Nice work guys. Imagine what phun you could have if you could get your own custom firmware running on it.

    • @jaypee112233
      @jaypee112233 Před 6 měsíci

      Bbbf fschrieb. Die ebeee eeee😅😅b😅

  • @AlgoNudger
    @AlgoNudger Před 7 měsíci +2

    So fun.

  • @OliverTacke
    @OliverTacke Před 7 měsíci

    Nice!

  • @cancername
    @cancername Před 7 měsíci +3

    22:18 "... they check for any unwanted characters..."
    No! Bad Polycom! This is exactly the wrong way to "fix" this, quote the arguments instead.

  • @MrMBSonic
    @MrMBSonic Před 7 měsíci +1

    21:53 😂 Made my day 😂

  • @LamLe-fx7lm
    @LamLe-fx7lm Před 7 měsíci

    Sir!

Další v pořadí
Automatické přehrávání
37C3 - Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure59:4237C3 - Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure
37C3 - Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasuremedia.ccc.de
zhlédnutí 13K
37C3 - Tor censorship attempts in Russia, Iran, Turkmenistan1:02:4237C3 - Tor censorship attempts in Russia, Iran, Turkmenistan
37C3 - Tor censorship attempts in Russia, Iran, Turkmenistanmedia.ccc.de
zhlédnutí 12K
37C3 - Sucking dust and cutting grass: reversing robots and bypassing security1:11:3337C3 - Sucking dust and cutting grass: reversing robots and bypassing security
37C3 - Sucking dust and cutting grass: reversing robots and bypassing securitymedia.ccc.de
zhlédnutí 9K
When you discover a family secret00:59When you discover a family secret
When you discover a family secretim_siowei
zhlédnutí 14M
Running With Bigger And Bigger Feastables00:17Running With Bigger And Bigger Feastables
Running With Bigger And Bigger FeastablesMrBeast
zhlédnutí 159M
Nejlepší zapečené párky 🍺 #ostravskygastrošef #food #heřmangazda00:59Nejlepší zapečené párky 🍺 #ostravskygastrošef #food #heřmangazda
Nejlepší zapečené párky 🍺 #ostravskygastrošef #food #heřmangazdaOstravsky Gastrošef (Heřman Gazda)
zhlédnutí 194K
Přilepili si tetování na druhou ruku.00:23Přilepili si tetování na druhou ruku.
Přilepili si tetování na druhou ruku.Multi Do Czech
zhlédnutí 102K
37C3 - Apple's iPhone 15: Under the C36:2637C3 - Apple's iPhone 15: Under the C
37C3 - Apple's iPhone 15: Under the Cmedia.ccc.de
zhlédnutí 42K
goTenna mesh explotation DC3231:27goTenna mesh explotation DC32
goTenna mesh explotation DC32Hacker Doe
zhlédnutí 65
37C3 - Unlocking the Road Ahead: Automotive Digital Forensics36:0537C3 - Unlocking the Road Ahead: Automotive Digital Forensics
37C3 - Unlocking the Road Ahead: Automotive Digital Forensicsmedia.ccc.de
zhlédnutí 6K
DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)29:31DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)
DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)Flashback Team
zhlédnutí 286K
37C3 - NEW IMPORTANT INSTRUCTIONS42:3537C3 - NEW IMPORTANT INSTRUCTIONS
37C3 - NEW IMPORTANT INSTRUCTIONSmedia.ccc.de
zhlédnutí 17K
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)12:41Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)LiveOverflow
zhlédnutí 87K
37C3 - KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)58:5537C3 - KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)
37C3 - KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)media.ccc.de
zhlédnutí 38K
37C3 - Nintendo hacking 2023: 200842:2737C3 - Nintendo hacking 2023: 2008
37C3 - Nintendo hacking 2023: 2008media.ccc.de
zhlédnutí 23K
37C3 - Von Zebrastreifen, offenen Daten und verschlossenen Verwaltungen36:3837C3 - Von Zebrastreifen, offenen Daten und verschlossenen Verwaltungen
37C3 - Von Zebrastreifen, offenen Daten und verschlossenen Verwaltungenmedia.ccc.de
zhlédnutí 26K
Mikuláš Černák: PŘÍBĚH BOSSE (celý dokument)3:17:50Mikuláš Černák: PŘÍBĚH BOSSE (celý dokument)
Mikuláš Černák: PŘÍBĚH BOSSE (celý dokument)Eduard Birke
zhlédnutí 369K
Only Pro Knows this technique! Expert Hacks for Steel Ruler #shorts #diy #tips #tricks00:25Only Pro Knows this technique! Expert Hacks for Steel Ruler #shorts #diy #tips #tricks
Only Pro Knows this technique! Expert Hacks for Steel Ruler #shorts #diy #tips #tricksTips Workshop
zhlédnutí 5M
Incredible Dog Rescues Kittens from Bus - Inspiring Story #shorts00:18Incredible Dog Rescues Kittens from Bus - Inspiring Story #shorts
Incredible Dog Rescues Kittens from Bus - Inspiring Story #shortsFabiosa Best Lifehacks
zhlédnutí 26M
How Hard Is To Slice With The World's Smallest Sword?00:55How Hard Is To Slice With The World's Smallest Sword?
How Hard Is To Slice With The World's Smallest Sword?Mini Katana
zhlédnutí 48M
Sad To Announce I Did Not Qualify For Mens 2024 Olympic Gymnastics Team00:14Sad To Announce I Did Not Qualify For Mens 2024 Olympic Gymnastics Team
Sad To Announce I Did Not Qualify For Mens 2024 Olympic Gymnastics TeamThe Rock
zhlédnutí 31M
This Famous Athlete Shocked the Olympics 👟00:29This Famous Athlete Shocked the Olympics 👟
This Famous Athlete Shocked the Olympics 👟Anthony Wreyn
zhlédnutí 12M
Přilepili si tetování na druhou ruku.00:23Přilepili si tetování na druhou ruku.
Přilepili si tetování na druhou ruku.Multi Do Czech
zhlédnutí 102K
Nurse's Mission: Bringing Joy to Young Lives #shorts00:17Nurse's Mission: Bringing Joy to Young Lives #shorts
Nurse's Mission: Bringing Joy to Young Lives #shortsFabiosa Stories
zhlédnutí 3M