Exploit Archaeology: Raiders of the Lost Payphones

Presented at DEF CON 20 (2012), July 28, 2012, 11 a.m. (50 minutes).

Payphones. Remember those? They used to be a cornerstone of modern civilation, available at every street corner, gas station, or any general place of commerce. For decades, hackers and phone phreaks crowded around them as an altar to high technology and a means to "reach out and touch someone". Fast forward to today, most people have mobile phones. Payphones installed decades earlier are now more of a memorial to a time long gone by. Covered with grime and graffitti, forgotten, relegated to the realm of drug dealers and other undesirables. But they're still around, and they're more vulnerable than ever. This talk will review modern hacking techniques applied to retro hardware. We'll cover owning payphones and how they can be retrofitted with new technologies to turn them into the ultimate low profile hacking platform to compromise your organizations network. There will be demos of payphone hacking on stage, as well as using the payphone to intercept voice phone traffic. We'll also reveal a new tool to automate the exploitation of payphones and relate how (like with all forms of archaelogoy) learning about old platforms can help us secure modern architecture.

Presenters:

  • Josh Brashars - Penetration Tester, Member DC 949
    Joshua Brashars Joshua Brashars is a penetration tester and a member of DC949. He prefers to break things instead of make them. Joshua has presented at several notable security conferences, including Toorcon San Diego, Toorcon Seattle, Thotcon, Baythreat and HOPE. Joshua has also contributed to several titles with Syngress Publishing. Twitter: @savant42

Links:

Similar Presentations: