Vera Mens


Designation :

Security Researcher, Claroty

Talk Title :

The Silent Spy Among Us - Modern Attacks Against Smart Intercoms

Abstract :

Recently our company had to move to a new office. When we came in the morning, at the entrance, we noticed a new shining smart intercom device equipped with a built-in camera. Intrigued, we decided to dive in and see how (in)secure it is.

This talk will explore how we hacked smart cloud-based intercoms. We will explain how modern intercoms operate and how they leverage new technologies and protocols related to VOIP communications - the delivery of voice communications and multimedia sessions over the internet. SIP, SDP, STUN, and RTP are just some examples.

In the end, we found multiple vulnerabilities in the device itself and in the connectivity with the cloud platform. Exploiting the vulnerabilities enabled us to gain pre-auth remote code execution, see images from all cloud-connected devices, and silently open remote video streams.

Bio :

Vera Mens is a Vulnerability Researcher at Claroty, passionate about low-level security and electronics. She began her career as a low-level software engineer and later transitioned to security and vulnerability research. Today, Vera uses the same mistakes she made as a developer to find bugs.

Want to connect with Vera Mens?