IoT Hacking - Polycom Conference Phone - Web Exploitation

Matt Brown
Matt Brown
9,055
0
Published 2024-04-18
In this video we demonstrate some typical web application analysis performed when security testing IoT devices.

gist.github.com/probonopd/f60dcaa8db06334cf0647d19…

cve.mitre.org/cgi-bin/cvekey.cgi?keyword=polycom

IoT Hackers Hangout Community Discord Invite:
discord.com/invite/vgAcxYdJ7A

🛠️ Stuff I Use 🛠️

🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB

🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx

🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb

About Me:
My name is Matt Brown and I'm an Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

💻 Social:
twitter: twitter.com/nmatt0
linkedin: www.linkedin.com/in/mattbrwn/
github: github.com/nmatt0/

#hacking #iot #cybersecurity #privacy #wireshark
All Comments (21)
  • @funkadellicd
    So pumped that you're putting these out so frequently. I found your channel recently and was sad when i blew through some of your other vid series so fast and you started back up just in time!
  • @TradieTrev
    Well done Matt! Great series on the Polycom, I do enjoy your unscripted style!
  • @OnlyVoltsRT
    Ehy Matt. Really Cool! i usually practice about classic hacker stuff like web pentesting, ctf, hackthebox, etc etc... and i'm really curious about other hacking areas like : firmware extraction, IOT hacking etc. In this video you join the 2 things making a really really cool content. Well Done!
  • @matheuscezar6309
    Every new video it's a new learning. Thanks a lot! I speak from Brazil!!
  • @amaama4140
    Great video, can't wait to see your firmware analysis video.
  • @ingermany1523
    Keep it up. Really nice content. I am glad that I somehow manage to find your channel and to subscribe.
  • @saireddy9707
    awesome work matt great fan of your work keep doing such awesome content happy to see such great researchers like you in our infosec space who are always ready to contribute and educate.
  • @martinskorvald2121
    Why not try opening the S3 bucket to see if all versions of the firmware are there and maybe more things to use for investigation?
  • @adammoss5284
    Thanks for the videos Matt, I purchased a poly phone to have a play with off the bay. Any chance looking over the HDX gear? I picked up a fair bit of this stuff and it looks fun. Found a video of a guy booting one and a compact flash card was staring me in the face so it looks kinda fun..
  • @j3ssh594
    Awesome stuff Matt, You are the GOAT 🐐
  • @tubes41
    I wonder if you could just change the HTTP request to the polycom download server to get all the earlier versions of the firmware and their download links?
  • @joshpontes1366
    What microscope do you use? I got a little tomlov one on Amazon and haven’t been happy with it