Stefan Gloor
I'm an electrical engineer by training working as a embedded software developer during the day. In my free time, I like to reverse-engineer and break embedded devices of all kinds!
You can find a collection of my personal projects on my blog:
https://stefan-gloor.ch
Session
08-11
19:00
50min
Die Hardcoded: Unlocking Yealink's (weakest) secrets
Jeroen Hermans, Stefan Gloor
During this talk we look at hardware and firmware reverse engineering, but also at corporate intimidation tactics and how to respond ethically as a security researcher.
Leveraging the hard-coded AES keys, outdated software, and lots and lots of custom code we found, we were able to install "custom code" on some phones and access global customer configuration data by exploiting Yealink's global cloud provisioning service (RPS).
Hacking
Cassiopeia