10–11 Jun 2025
KBC building, Umeå University
Europe/Copenhagen timezone

Is Your Phone Spying on You? An In-Depth Analysis of Vulnerabilities in Cisco VoIP Phones

Not scheduled
20m
KBE303 - Stora Hörsalen (KBC building, Umeå University)

Umeå, Sweden
Talks and presentations

Description

Do you trust the embedded devices around you? Perhaps you shouldn't! Even industry giants make significant mistakes. In this presentation, we will analyse Cisco's VoIP phones, which can be found in offices, governmental buildings, and even the White House. These devices were found to have critical vulnerabilities, including easily exploitable flaws.

Fun Fact: Did you know that Presidents Biden and Trump used these phones?

Among the vulnerabilities discovered was unauthenticated packet capture, allowing attackers to intercept and listen to any phone call made or received on the device. We'll demonstrate live how simple it is to intercept, reconstruct, and listen to a phone call.

This presentation will dive into other issues uncovered during the blackbox testing of these devices. We'll also discuss what Cisco could have done differently to prevent these vulnerabilities and provide guidance on how to avoid similar pitfalls. Additionally, we are going to explore the challenges and importance of thorough blackbox testing.

Join us for a comprehensive look at the security flaws in trusted devices and learn how to protect against them.

Optional: Speaker / convener biography

Balazs Bucsay is the founder & CEO of Mantra Information Security, which offers a variety of consultancy services in the field of IT Security. With decades of offensive security experience, he focuses his time mainly on research in various fields including red teaming, reverse engineering, embedded devices, firmware emulation and cloud. He has given multiple talks around the globe (Singapore, London, Melbourne, Honolulu) on different advanced topics and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, OSWP) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things, so he always shares it with his peers. Because of his passion for technology, he starts the second shift right after work to do some research to find new vulnerabilities.

Length 30 minutes

Primary author

Balazs Bucsay (CEO & Founder)
