Intro to Embedded Hacking-How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.

Presented at DEF CON 27 (2019), Aug. 8, 2019, 1 p.m. (45 minutes)

From small business to large enterprise, VOIP phones can be found on nearly every desk. But how secure are they? What if your phone was spying on every conversation you have? This talk is an introduction to hardware hacking and as a case study I'll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I'll use it to introduce the tools and methodology needed to answer these questions. During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device's firmware. Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.

Presenters:

• Philippe Laulheret - Senior Security Researcher @ McAfee Advanced Threat Research
  Philippe Laulheret is a Senior Security Researcher on the McAfee Advanced Threat Research team. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex system and get them to behave in interesting ways. He previously talked about Reverse Engineering PSX game at Bsides PDX, created & contributed to some Hardware Hacking CTF when working at Red Balloon Security and shared the love of tearing apart VOIP phones during ad-hoc workshops at multiple conferences (Summer Con, Hardware Hacking Village, etc.) Twitter: @phLaul

Links:

• https://defcon.org/html/defcon-27/dc-27-speakers.html#Laulheret
• https://infocon.org/cons/DEF CON/DEF CON 27/DEF CON 27 video and slides/DEF CON 27 - Philippe Laulheret - Intro to Hardware Hacking.mp4
• https://infocon.org/cons/DEF CON/DEF CON 27/DEF CON 27 video and slides/DEF CON 27 - Philippe Laulheret - Intro to Hardware Hacking.srt (subtitles)
• https://www.youtube.com/watch?v=HuCbr2588-w

Similar Presentations:

• Black Hat USA 2015 / Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
• BSides Austin 2016 / IoT on Easy Mode
• 30C3 (2013) / An introduction to Firmware Analysis: Techniques - Tools - Tricks