A workplace tip: If you’re planning an office prank war, don’t target someone with the skills to reverse-engineer and control the phone on your desk.
That’s the lesson of a demonstration hackers Brandon Edwards and Ben Nell have planned for the Summercon security conference in New York today. After months of research that began with Edwards’ quest to avenge a coworker’s hazing, Edwards and Nell found vulnerabilities in a common desktop telephone that let them take control of it from any computer on the local network. With the phone fully under their command, they’ve made it perform mischief ranging from playing audio files to displaying pictures of their choosing.
Good-natured pranks aside, their work shows the potential for more nefarious hacks, such as surreptitiously recording conversations or sniffing traffic from a connected PC.
“It’s a relatively simple device once you’re inside of it,” says Edwards. “We can make it do pretty much anything a phone can do.”
When Edwards started his job as a researcher at cloud security firm Silver Sky in January, he says, a coworker sent a lewd email as a prank, then claimed the note was written by someone who’d accessed his keyboard. Edwards says he responded by spoofing an email from that guy to his boss, seeking enrollment in an HR training class on sexual harassment.
Still, Edwards wasn’t satisfied and began daydreaming about a more epic retaliation involving the phone on his coworker’s desk. He called up his friend Nell, a security researcher and reverse-engineering guru, who immediately hit eBay to order the same phone used in Edwards’ office. Working together, Nell and Edwards found a debugging port on the back of the phone, spliced a connection to their laptops, and dumped the device’s memory. They soon discovered, as Nell puts it, “a mountain of bugs.”
“It was like you were in a room full of bugs, and you couldn’t not step on them,” he says. Among the plentiful coding errors was one that allowed them to execute what’s known as a buffer overflow: a bug in which data is written past the end of the memory set aside for it, which let them write into the phone’s memory and execute arbitrary commands without any limit on their privileges.
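The article does not show the phone’s firmware, so the following is an added illustration of the bug class it names, not code from the device or from Edwards and Nell. It contrasts an unchecked copy of an attacker-controlled string into a fixed-size buffer (the pattern behind a classic buffer overflow) with a bounds-checked version that rejects oversized input; the buffer size and function names are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size field, e.g. a caller-ID name shown on the phone's display. */
#define NAME_MAX 16

/* Vulnerable pattern: strcpy() stops only at the NUL terminator of src, so any
 * src longer than NAME_MAX - 1 bytes writes past the end of dst and corrupts
 * whatever memory follows it (other variables, saved return addresses, ...). */
static void set_name_unchecked(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src);
}

/* Hardened pattern: measure first, refuse input that does not fit (including
 * room for the terminator), and only then copy a known-bounded number of bytes.
 * Returns 0 on success, -1 if src is too long for the buffer. */
static int set_name_checked(char dst[NAME_MAX], const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_MAX)
        return -1;
    memcpy(dst, src, n + 1); /* n + 1 <= NAME_MAX, terminator included */
    return 0;
}

/* Returns 1 if copying src into a buffer of `capacity` bytes would overflow.
 * This is the check the unchecked version is missing. */
int would_overflow(const char *src, size_t capacity) {
    return strlen(src) >= capacity;
}

/* Runs the hardened setter against a local buffer so the result can be
 * inspected without needing a caller-supplied buffer. */
int try_set_name(const char *src) {
    char name[NAME_MAX] = {0};
    return set_name_checked(name, src);
}

int main(void) {
    char name[NAME_MAX] = {0};
    const char *ok = "lobby";                                   /* constructed input */
    const char *bad = "a display name far longer than sixteen"; /* constructed input */

    /* The unchecked copy is only safe for input that already fits. */
    if (!would_overflow(ok, NAME_MAX))
        set_name_unchecked(name, ok);
    printf("unchecked copy of \"%s\": %s\n", ok, name);

    /* The checked copy refuses the oversized input instead of corrupting memory. */
    printf("checked copy of short input: %d\n", try_set_name(ok));
    printf("checked copy of long input:  %d\n", try_set_name(bad));
    return 0;
}
```

The defensive takeaway is the length check: every copy of externally supplied data into a fixed-size buffer needs a bound derived from the destination size, never from the source, and compilers with stack protection or tools such as AddressSanitizer will flag the unchecked variant during testing.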