Zero-Touch-Pwn - Abusing Zoom's Zero Touch Provisioning for Remote Attacks on Desk Phones

Explore a critical security analysis of Zoom's "Zero Touch Provisioning" method in this 31-minute Black Hat conference talk. Delve into the vulnerabilities of cloud communication platforms when integrated with traditional endpoints like desk phones and analog gateways. Discover how centralized configurations and firmware in provisioning services can be exploited for remote attacks. Learn about the potential risks associated with certified hardware in Zoom's ecosystem. Gain insights into the intersection of modern cloud communication and legacy hardware, and understand the implications for organizational security. Presented by Moritz Abrell, this talk offers valuable information for cybersecurity professionals, IT administrators, and anyone involved in implementing or managing cloud communication systems.

Zero-Touch-Pwn: Abusing Zoom's Zero Touch Provisioning for Remote Attacks on Desk Phones