Finding Vulnerabilities in Internet-Connected Devices

A Beginner’s Guide

Pascal Zenker and Christoph Wolff

Playlists: '37c3' videos starting here / audio

This introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.

In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices.

We'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too.

By the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them.

All the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023.


These files contain multiple languages.

This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.

Please look for "audio tracks" in your desktop video player.