Jeroen Hermans
Jeroen is a technical consultant with a background in electrical engineering and security. He started his consultancy business "CloudAware" located in The Hague in 2002. His consultancy business has been active in a wide spectrum of technologies ranging from signal intelligence to cloud services.
In the last couple of years CloudAware has been particularly active in the field of cyber security.
Jeroen publishes regularly on the blog of CloudAware: https://cloudaware.eu
Sessions
Building entrance systems for prisons, hospitals an tv studio's should be secure. But is this really the case?
After "Knock knock who's there 1.0" at MCH2022, we will again look at some high-tech lockpicking, this time at more sensitive locations. The responsible disclosure is a tale of it's own! And why exactly is a 3-letter agency in the US interested in the disclosure?
During this talk we look at hardware and firmware reverse engineering, but also at corporate intimidation tactics and how to respond ethically as a security researcher.
Leveraging the hard-coded AES keys, outdated software, and lots and lots of custom code we found, we were able to install "custom code" on some phones and access global customer configuration data by exploiting Yealink's global cloud provisioning service (RPS).