Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Dial V for Vulnerable - Attacking VoIP Phones

44CON Information Security Conference via YouTube

Overview

Explore the world of VoIP phone vulnerabilities in this 41-minute conference talk from the 44CON Information Security Conference. Dive into past projects and future prospects before examining the architecture and attack targets of VoIP systems. Learn about firmware access techniques, including SPI, UART, and bootloader examples. Discover various emulation approaches and firmware vulnerabilities, such as null pointer dereference and web-based findings. Investigate command injection techniques, password bypass methods, and stack-based buffer overflows in ARM devices. Gain insights into exploit development challenges, device overviews, and vulnerability assessments. Conclude with valuable recommendations for users, administrators, and developers, as well as key lessons learned in VoIP security.

Syllabus

Intro
Past Projects
What's next?
Perfect World
Real World
Architecture and Attack Targets
Abstract Methodology
Firmware Access for Software People
Examples: SPI
Examples: UART
Examples: Bootloader
Use Vulnerability
Emulation Approaches
Firmware Emulation
Dos - NullPointer Dereference
Web Based Findings - CSRF
Web Based Findings - Gigaset Maxwell Basic
Command Injection
Injection Example (Shell Script)
How to Bypass Password?
Exploit to Delete Password
Problem!
Stack Based Buffer Overflow (ARM)
Control SPC
Exploit Development, Challenges
Device Overview
Vulnerability Overview
Recommendations for Users/Admins
Recommendations for Developers
Lessons Learned?

Taught by

44CON Information Security Conference

Reviews

Start your review of Dial V for Vulnerable - Attacking VoIP Phones

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.