Dial V for Vulnerable - Attacking VoIP Phones
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore the world of VoIP phone vulnerabilities in this 41-minute conference talk from the 44CON Information Security Conference. Dive into past projects and future prospects before examining the architecture and attack targets of VoIP systems. Learn about firmware access techniques, including SPI, UART, and bootloader examples. Discover various emulation approaches and firmware vulnerabilities, such as null pointer dereference and web-based findings. Investigate command injection techniques, password bypass methods, and stack-based buffer overflows in ARM devices. Gain insights into exploit development challenges, device overviews, and vulnerability assessments. Conclude with valuable recommendations for users, administrators, and developers, as well as key lessons learned in VoIP security.
Syllabus
Intro
Past Projects
What's next?
Perfect World
Real World
Architecture and Attack Targets
Abstract Methodology
Firmware Access for Software People
Examples: SPI
Examples: UART
Examples: Bootloader
Use Vulnerability
Emulation Approaches
Firmware Emulation
DoS - Null Pointer Dereference
Web Based Findings - CSRF
Web Based Findings - Gigaset Maxwell Basic
Command Injection
Injection Example (Shell Script)
How to Bypass Password?
Exploit to Delete Password
Problem!
Stack Based Buffer Overflow (ARM)
Control SPC
Exploit Development, Challenges
Device Overview
Vulnerability Overview
Recommendations for Users/Admins
Recommendations for Developers
Lessons Learned?
Taught by
44CON Information Security Conference
Related Courses
Hacking and Patching, University of Colorado System via Coursera
Identifying Security Vulnerabilities, University of California, Davis via Coursera
Complete Website Ethical Hacking and Penetration Testing, Udemy
Learn web application penetration testing from %00, Udemy
Web Security & Bug Bounty: Learn Penetration Testing, Udemy