About a year ago I posted a link to Ang Cui's talk at last year's Chaos Communications Congress about a security exploit that thoroughly compromised HP printers simply by printing a malicious document.
This year Cui and his colleague Michael Costello are back at CCC with an exploit that pwns most Cisco VOIP phones, turning them into room bugs. As he says in the talk, "Just because you're paranoid doesn't mean that your phone isn't listening to you."
What blows me away about this is not that this is some new exploit that nobody had ever thought of before -- it isn't, though it certainly is clever -- it's that this is possible in 2012. Amazing.