Description: High-end videoconferencing systems are widely deployed at critical locations such as corporate meeting rooms or boardrooms. Many of these systems are reachable from the Internet or via the telephone network while in many cases the security considerations are limited to the secure deployment and configuration.
We conducted a case study on Polycom HDX devices in order to assess the current state of security on those devices. After analyzing the software update file format and showing how to get system level access to the otherwise closed devices we describe how to setup a proper vulnerability development environment which lays the groundwork for future security research.
We demonstrate the feasibility of remotely compromising Polycom HDX devices over the network by implementing an exploit for one of the vulnerabilities we identified in the H.323 stack of the current software version which allows us to compromise even firewalled devices as long as the H.323 port is reachable. Our attack does not require the auto-answer feature for incoming calls to be turned on.
We conclude with some thoughts about post-exploitation and describe possible ways to control attached peripherals such as the video camera and microphone which could be used to build a surveillance rootkit.
For More Information please visit : - http://www.blackhat.com/eu-13/briefings.html
Tags: securitytube , hacking , hackers , information security , convention , computer security , blackhat-eu-2013 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.