Explore the world of hacking video conferencing systems in this Black Hat EU 2013 conference talk. Delve into a comprehensive case study on Polycom HDX devices, uncovering vulnerabilities in high-end videoconferencing systems commonly deployed in critical corporate locations. Learn how to analyze software update file formats, gain system-level access to closed devices, and set up a vulnerability development environment. Witness a demonstration of remotely compromising Polycom HDX devices over the network by exploiting vulnerabilities in the H.323 stack. Discover post-exploitation techniques, including methods to control attached peripherals like video cameras and microphones, potentially leading to the creation of a surveillance rootkit. Gain insights into the device architecture, filesystem, configuration files, and main processes of these systems. Explore the intricacies of the H.323 protocol, call initiation, and call detail records. Understand the challenges of SQL injection exploits and format string bugs. Finally, learn about the Polycom disclosure process and the implications of these security findings for the videoconferencing industry. Read more