
Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.

Conference:  Defcon 27

2019-08-01

Summary

The presentation walks through extracting the firmware from the phone and reverse engineering its bootloader to gain access to the device.
  • The speaker describes extracting the firmware files from the phone, then searching them for the update mechanism and for secrets such as passwords and certificates.
  • The speaker recommends fixing the serial console, or patching the file system as a last resort, to gain access to the device.
  • The speaker explains reverse engineering the bootloader, in particular finding its load address and interrupt vector table.
  • The speaker closes with an anecdote about using VLC to exfiltrate audio from the phone's main speaker, illustrating the risk of leaving the phone network unsecured.
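The bootloader step of the summary (carve the image, hunt for secrets and the update mechanism, then locate the vector table and the load address) in working code. This is an added example, not code from the talk, the speaker or the page. It assumes a raw little-endian 32-bit ARM image with the classic 8-entry exception vector table at offset 0, NUL-terminated ASCII strings, and a page-aligned load base; the image produced by `build_demo_image()` is synthetic data constructed for the demo, not a dump of any phone, and every function name here is the example's own.

```python
"""
Added example, not code from the talk or the page: heuristics for the
bootloader step of the case study. After binwalk has carved the raw image,
(1) recognise the classic ARM exception vector table at offset 0, (2) pull the
absolute handler addresses from its literal pool, (3) estimate the image's
load address by voting over pointer/string pairs, and (4) flag strings that
hint at secrets or the update mechanism.

Assumptions not stated on the page: raw little-endian 32-bit ARM image with
an 8-entry vector table, NUL-terminated ASCII strings, page-aligned load base.
build_demo_image() constructs synthetic data; it is not a dump of any phone.
"""
import re
import struct
from collections import Counter, defaultdict

VECTOR_WORDS = 8  # reset, undef, svc, prefetch abort, data abort, reserved, irq, fiq
SECRET_MARKERS = (b'-----BEGIN ', b'PRIVATE KEY', b'/etc/shadow', b'passw', b'http://', b'https://')


def decode_vector(word, offset):
    """Classify one vector-table word. Returns ('B', target_offset) for a branch,
    ('LDR', literal_offset) for `LDR PC, [PC, #imm]`, or None. Offsets are
    image-relative; ARM's PC reads as the instruction address + 8."""
    if (word & 0xFF000000) == 0xEA000000:            # B <imm24>, condition AL
        imm = word & 0x00FFFFFF
        if imm & 0x00800000:                          # sign-extend the 24-bit field
            imm -= 0x01000000
        return 'B', offset + 8 + (imm << 2)
    if (word & 0xFFFFF000) == 0xE59FF000:            # LDR PC, [PC, #imm12] (add form only)
        return 'LDR', offset + 8 + (word & 0xFFF)
    return None


def looks_like_arm_vector_table(blob, min_hits=6):
    """True if at least min_hits of the first 8 words decode as vectors."""
    if len(blob) < 4 * VECTOR_WORDS:
        return False
    words = struct.unpack('<%dI' % VECTOR_WORDS, blob[:4 * VECTOR_WORDS])
    return sum(decode_vector(w, 4 * i) is not None for i, w in enumerate(words)) >= min_hits


def vector_handler_addresses(blob):
    """Absolute handler addresses held in the literal pool of LDR-style vectors.
    Once the base is known, each must land inside the image (a cheap cross-check)."""
    words = struct.unpack('<%dI' % VECTOR_WORDS, blob[:4 * VECTOR_WORDS])
    addrs = []
    for i, w in enumerate(words):
        dec = decode_vector(w, 4 * i)
        if dec and dec[0] == 'LDR' and dec[1] + 4 <= len(blob):
            addrs.append(struct.unpack_from('<I', blob, dec[1])[0])
    return addrs


def string_offsets(blob, min_len=6):
    """Offsets of printable NUL-terminated runs, as `strings -t x` would list them."""
    return [m.start() for m in re.finditer(rb'[\x20-\x7e]{%d,}\x00' % min_len, blob)]


def find_load_base(blob, align=0x1000, min_len=6):
    """Vote for the load base: every aligned word P is a candidate pointer, every
    string offset S a candidate target, so B = P - S is a candidate base; the
    true base is the one most (P, S) pairs agree on. Restricting B to multiples
    of `align` turns the O(words x strings) search into a residue lookup.
    Returns (base, votes), or (None, 0) if nothing voted."""
    by_residue = defaultdict(list)
    for s in string_offsets(blob, min_len):
        by_residue[s % align].append(s)
    nwords = len(blob) // 4
    votes = Counter()
    for p in struct.unpack('<%dI' % nwords, blob[:4 * nwords]):
        for s in by_residue.get(p % align, ()):
            if p >= s:
                votes[p - s] += 1
    return votes.most_common(1)[0] if votes else (None, 0)


def scan_for_secrets(blob):
    """(offset, string) pairs worth a closer look: PEM blocks, credential files,
    password-like names and URLs that may reveal the update mechanism."""
    hits = []
    for off in string_offsets(blob):
        s = blob[off:blob.index(b'\x00', off)]
        if any(m in s for m in SECRET_MARKERS):
            hits.append((off, s.decode('ascii')))
    return hits


def build_demo_image(base=0x20000000):
    """Synthetic raw image (constructed for this demo, not real firmware):
    vector table, literal pool, NOP handlers, a string table and a table of
    absolute pointers into it."""
    strings = [b'Booting firmware image...', b'console=ttyS0,115200',
               b'http://updates.example.invalid/fw.bin', b'-----BEGIN CERTIFICATE-----',
               b'-----BEGIN RSA PRIVATE KEY-----', b'root:x:0:0:root:/root:/bin/sh',
               b'/etc/shadow']
    img = bytearray(struct.pack('<8I', *[0xE59FF018] * VECTOR_WORDS))        # 0x00: LDR PC,[PC,#0x18]
    img += struct.pack('<8I', *[base + 0x40 + 0x10 * i for i in range(8)])   # 0x20: literal pool
    img += struct.pack('<32I', *[0xE1A00000] * 32)                           # 0x40: MOV r0,r0 stubs
    img += b'\x00' * (0x100 - len(img))
    offsets = []
    for s in strings:                                                         # 0x100: string table
        offsets.append(len(img))
        img += s + b'\x00'
    img += b'\x00' * (-len(img) % 4)
    img += struct.pack('<%dI' % len(offsets), *[base + o for o in offsets])  # pointer table
    img += b'\x00' * (0x400 - len(img))
    return bytes(img)


if __name__ == '__main__':
    image = build_demo_image()
    base, votes = find_load_base(image)
    print('vector table at 0:', looks_like_arm_vector_table(image))
    print('load base: 0x%08x (%d votes)' % (base, votes))
    print('handlers:', ['0x%08x' % a for a in vector_handler_addresses(image)])
    for off, s in scan_for_secrets(image):
        print('0x%04x %s' % (off, s))
```

On a real carve, run `find_load_base()` on the binwalk-extracted blob, then load it in the disassembler at that base and confirm that the literal-pool handler addresses from `vector_handler_addresses()` fall inside the image and land on plausible code; a base that satisfies the string vote but puts the reset handler in padding is wrong.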

Abstract

From small business to large enterprise, VOIP phones can be found on nearly every desk. But how secure are they? What if your phone was spying on every conversation you have? This talk is an introduction to hardware hacking and as a case study I’ll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I’ll use it to introduce the tools and methodology needed to answer these questions. During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device’s firmware. Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.

