Gold Sponsors
Silver Sponsors
Bronze Sponsors
Telepresence Options Magazine
telepresence options catalog ad
IC14 Banner TTOP
sponsor telepresence
webrtc telepresence

Latest Telepresence and Visual Collaboration News:
Full Article:

Know Your Foe: A Guide to Hacking Videoconferencing Endpoints

June 18, 2013 | Telepresence Options

guy fawkes hacker


Story and Images by Moritz Jodeit / nruns.com

High-end videoconferencing systems are widely deployed at critical locations such as corporate meeting rooms or boardrooms. Many of these systems are reachable from the Internet or via the telephone network while in many cases the security considerations are limited to the secure deployment and conguration. We conducted a case study on Polycom HDX devices in order to assess the current state of security on those devices. After analyzing the software update format and showing how to get system level access to the otherwise closed devices we describe how to setup a proper vulnerability development environment which lays the groundwork for future security research. We demonstrate the feasibility of remotely compromising Polycom HDX devices over the network by implementing an exploit for one of the vulnerabilities we identified in the H.323 stack of the current software version which allows us to compromise even rewalled devices as long as the H.323 port is reachable. Our attack does not require the auto-answer feature for incoming calls to be turned on. We conclude with some thoughts about post- exploitation and describe possible ways to control attached peripherals such as the video camera and microphone which could be used to build a surveillance rootkit. 

Hacking Video Conferencing Systems







Add New Comment

Telepresence Options welcomes your comments! You may comment using your name and email (which will not be displayed), or you may connect with your Twitter, Facebook, Google+, or DISQUS account.