ไม่สามารถเล่นวิดีโอนี้
ขออภัยในความไม่สะดวก
Philippe Laulheret - Intro to Hardware Hacking - DEF CON 27 Conference
ฝัง
- เผยแพร่เมื่อ 14 พ.ย. 2019
- From small business to large enterprise, VOIP phones can be found on nearly every desk. But how secure are they? What if your phone was spying on every conversation you have?
This talk is an introduction to hardware hacking and as a case study I’ll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I’ll use it to introduce the tools and methodology needed to answer these questions.
During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device’s firmware.
Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.
Philippe Laulheret
Philippe Laulheret is a Senior Security Researcher on the McAfee Advanced Threat Research team. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex system and get them to behave in interesting ways. He previously talked about Reverse Engineering PSX game at Bsides PDX, created & contributed to some Hardware Hacking CTF when working at Red Balloon Security and shared the love of tearing apart VOIP phones during ad-hoc workshops at multiple conferences (Summer Con, Hardware Hacking Village, etc.)
Twitter: @phLaul
I'm from poland and i understand almost everything what he said (yep i work in international team). Im amazed that frenchman talks in english (usually thay cant say yes or no, so...). You should be thankfull for what he said, because he has good knowledge.
Indeed he does
How did you learn this stuff? What do you search for on google/youtube?
@@jimj2683 go get a cert then more and more and more and more other wise learn to google and break the law :P
He's not making an effort, and he's doing it just to piss you off.
@@jimj2683 educdu is a great place for just a bunch of options. But just playing around with devices is always fun
Great talk, took a lot of notes, you name dropped a lot of stuff I'll have to look into deeper.
Tip: use Audio EQ extension and hit the "mono" mode to make it come out of both R and L earphones / speakers
Tip: if you accidentally put too much salt on your food, put salt on your food to absorb the salt
@@9393jack what?
Lolz, I'm a ESL and I understood 90%+ of what he said. Not saying I would be able to pull off everything he did there, though...
lot of information, but take your time , pas important si tu perd 2-3 desinteresser, exemple school teacher. dans tout les cas vous mavez entre ouvert quelque porte a explorer dans mon devloppement personel. thanks great overview of different method , thanks you
I’m not sure but it has some serious Gen X vibes ❤
Man’s accent is pretty understandable. But I’m Australian so what do I know
I'm west African. I can understand everthing he said
Not as much good pictures 😩. Anyone have better images. Or like a video of the phone?
Wait, what? Mandarinki?
Why did the console work through the plug but not through the pad?
Started off thinking it might be good but went down hill, tracing vias that goto the other side? Isn't this a multi layer board?
Good point. It might have been and would explain why I lost track of it. That being said you're missing the point. It was an exploratory process which successfully led to the result of finding the uart. I'm disappointed you feel it's going down hill from there, but good for you if you didn't learn anything from this talk. You should present next time and share even more knowledge 👍
@@Silverbahamut you butthurt..?
@@movement2contact are you butt hurt over him being potentially butt hurt ?
@@jordenwilliams8874 I don't think so 🤔
These guyz
we have board CPU is SH4 family 6417751R is USB jtag support it to dump 2 of flash JS28F640J3 ??? OS IS VXworks system have UART and jtag pin out
Thanks
UI UI
Tu parles trop vite.
vraiment stresser le gars. lot of information, but take your time ,
How do you say, not a public speaker
Small p p thing to say
Can someone please hack a Tesla so it can be used as a mobile surveillance platform with a live feed?
The next generation police cars will be electric and function as interconnected surveillance platforms. They will have on-board drones and robots to assist. Even today you could easily have a Boston Dynamics "Spot" and some DJI drones in a squad car. The "spot" is an ideal weapons platform for both lethal and non-lethal munitions. If they could link up both public and private surveillance cameras via 5G and all those Alexa home assistants and camera alarm systems, we really have a dystopian reality. I really don't like Elon's Star link satellites, facial recognition, social credit, cashless society, killer robots, drone swarms, no borders, international law.
In this nightmare of a future it might well be useful to hack hardware :/
I am just praying for a massive solar flare so my children will not have to live like that. Big Brother is scary enough without him having all these tools. When is the next idiot going to be voted in or seize power? The leaders we have today are fucked up enough as it is. The next one may be a murderous psychopath. This technology is insane, and now they want to make it "self aware" and create artificial intelligence??? IT IS MADNESS!
The Una bomber was right!
@@Willy_Tepes tbh self aware robotics are pretty handy in some way, but if they are going to be used as a weapon or as a method of spying. I will have to agree with you
It’s already worse than that in China. We probably don’t even know the full extent of surveillance in the US.
You're absolutely right, and I believe Nexus is being a little nïeve, or at least idealist, saying "They'll have to agree with you." since we're all aware that tech has issues and is rarely, if ever, flawless.
I understood nothing. How do people learn this stuff??
They learn it very Frenchly?
Underrated comment
EE degree prolly
You write down what you do not understand and then start doing research. Then you come back and repeat.
if you talk French it will be better 😂😂😂
13:42 Why does he have to use the devilhands grip when holding both the soldering iron and the airgun? Does he like to signal his fellow satan worshippers?
Is this a joke 😭
@@martysh1226 Not at all. Such signalling is also done in the with the "One Eye Club" where famous people sport a black eye for the camera and in other cases famous musicians intentionally cover one of their eyes for photo shoots whether with one hand or with their hair or a foreground object.
Comrade, this is DEF CON. We love signaling our fellow satan worshipers.
Ugh just get someone to read it for you