DEF CON 27 - Intro to Embedded Hacking-How you can find a decade old bug in widely deployed devices
4,539
Published 2019-12-05
This talk is an introduction to hardware hacking and as a case study I'll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I'll use it to introduce the tools and methodology needed to answer these questions.
During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device's firmware.
Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.
Intro to Embedded Hacking-How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.