SecParis Meetup

House Intercoms attacks

Presented by Sébastien Dudek, the December 15, 2016 at 20:15.

Description

To break into a building, several methods have already been discussed, such as trying to find the code paths of a digicode, clone RFID cards, use some social engineering attacks, or the use of archaic methods like lockpicking a door lock or breaking a window.

New methods are now possible with recent intercoms. Indeed, these intercoms are used to call the tenants to access the building. But little study has been performed on how these boxes communicate to request and grant access to the building.

In the past, they were connected with wires directly to apartments. Now, these are more practical and allow residents to open doors not only from their classic door phone, but to forward calls to their home or mobile phone. Private houses are now equipped with these new devices and its common to find these “connected” intercoms on recent and renovated buildings.

In this presentation we will introduce the Intercoms and focus on one particular devices that is commonly installed in buildings today. Then we will present our analysis on an interesting attack vector, which already has its own history. After this analysis, we will present our environment to test the intercoms, and show some practical attacks and our results that could be performed on these devices. During this talks, the evolution of our mobile lab and some advances on the 3G intercoms attacks will be also presented.

Author

Sébastien Dudek is a security consultant at Synacktiv. His main fields of interest are radio communication technologies and network and software security. He has been a speaker at NoSuchCon and Hack.lu. He has also contributed for the French magazine MISC and blogged about various security mechanisms.