{"guid":"8d0aed87-2484-4880-ae08-2dc3c7898959","title":"Intercoms Hacking","subtitle":"Call the frontdoor to install your backdoors","slug":"33c3-8027-intercoms_hacking","link":"https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8027.html","description":"\u003cp\u003eTo break into a building, several methods have already been discussed, such as trying to find the code\npaths of a digicode, clone RFID cards, use some social engineering attacks, or the use of archaic methods\nlike lockpicking a door lock or breaking a window.\u003c/p\u003e\n\u003cp\u003eNew methods are now possible with recent intercoms.\nIndeed, these intercoms are used to call the tenants to access the building. But little study has been\nperformed on how these boxes communicate to request and grant access to the building.\u003c/p\u003e\n\u003cp\u003eIn the past, they were connected with wires directly to apartments. Now, these are more practical and\nallow residents to open doors not only from their classic door phone, but to forward calls to their home\nor mobile phone. Private houses are now equipped with these new devices and its common to find these\n“connected” intercoms on recent and renovated buildings.\u003c/p\u003e\n\u003cp\u003eIn this short paper we introduce the Intercoms and focus on one particular device that is commonly\ninstalled in buildings today. Then we present our analysis on an interesting attack vector, which already\nhas its own history. After this analysis, we present our environment to test the intercoms, and show some\npractical attacks that could be performed on these devices. During this talks, the evolution of our mobile lab and some advances on the 3G intercoms, and M2M intercoms attacks will be also presented.\u003c/p\u003e","original_language":"eng","persons":["Sebastien Dudek"],"view_count":2266,"promoted":false,"date":"2016-12-28T21:45:00.000+01:00","release_date":"2016-12-29T01:00:00.000+01:00","updated_at":"2026-04-03T21:00:09.190+02:00","tags":["Security"],"length":2450,"duration":2450,"thumb_url":"https://static.media.ccc.de/media/congress/2016/8027-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2016/8027-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2016/8d0aed87-2484-4880-ae08-2dc3c7898959-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2016/8d0aed87-2484-4880-ae08-2dc3c7898959-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/33c3-8027-intercoms_hacking","url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_title":"33C3: works for me","conference_url":"https://api.media.ccc.de/public/conferences/33c3","related":[{"event_id":3601,"event_guid":"5a517be2-220b-4eb6-88c3-e7ef08c98ace","weight":33},{"event_id":3640,"event_guid":"700a07e7-a9c4-437b-a4c5-4491b23a9b4a","weight":34},{"event_id":3656,"event_guid":"1a6657a2-b6c2-4acc-b8fc-5ec081c0877f","weight":31},{"event_id":3657,"event_guid":"4bff9cb3-9e91-4305-9029-f4d9053c7b5c","weight":32},{"event_id":3662,"event_guid":"8c32309e-7136-4899-8ee4-1558e63ad137","weight":31},{"event_id":3665,"event_guid":"e204268f-0cea-4a1f-bb38-e7d50496492e","weight":30},{"event_id":3669,"event_guid":"7ef9172a-e2c7-4e78-9316-08449bd582c6","weight":29},{"event_id":3676,"event_guid":"f6811c99-96af-44d5-b82d-5afe826b2caf","weight":29},{"event_id":3681,"event_guid":"149f13d4-cc8c-49a9-9e68-544754646022","weight":35},{"event_id":3683,"event_guid":"1b27dbeb-cffc-48a1-b2e6-b2011c338a50","weight":46},{"event_id":3687,"event_guid":"5ae90a09-0b83-4357-bdb4-9afc04100c68","weight":55},{"event_id":3689,"event_guid":"1f7eb981-2819-4824-8f40-4ddde0be7bf3","weight":93},{"event_id":3693,"event_guid":"90c2f1c6-c32e-4bb2-b8a0-db6b4e24e4b3","weight":45},{"event_id":3694,"event_guid":"ef62eb53-cb69-42c6-aab0-bc9d3b0e1e92","weight":74},{"event_id":3695,"event_guid":"c300b194-2a85-4705-92aa-b4e789882303","weight":56},{"event_id":3698,"event_guid":"994082de-ef8e-4f8e-8c46-ec0eb110b845","weight":30},{"event_id":3701,"event_guid":"155a622a-196e-4e05-a262-88f3a7726bbe","weight":46},{"event_id":3708,"event_guid":"aaec73e9-66b9-46d2-aa0f-9f43018198ea","weight":30},{"event_id":3731,"event_guid":"bc638f9f-0370-42f9-b83c-f85cca4ca38d","weight":29},{"event_id":3734,"event_guid":"34ea8f1f-9fad-41aa-8424-e833f10e5e8b","weight":40},{"event_id":3742,"event_guid":"7a5971c8-746b-4450-ba89-6569667f77c2","weight":37},{"event_id":3747,"event_guid":"fc6c53de-ec9d-4966-a912-5cfaf54c0dd2","weight":29},{"event_id":3762,"event_guid":"25e2df7d-5740-4c2f-bc34-986326d606fe","weight":35}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_33c3-8027-eng-deu-Intercoms_Hacking.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2022-01-15T17:32:25.217+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/DRAFT_33c3-8027-eng-deu-Intercoms_Hacking.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/50610","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":234,"length":2450,"mime_type":"video/mp4","language":"eng","filename":"33c3-8027-eng-Intercoms_Hacking.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-29T10:56:50.581+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8027-eng-Intercoms_Hacking.mp4","url":"https://api.media.ccc.de/public/recordings/14174","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":261,"length":2450,"mime_type":"video/mp4","language":"deu","filename":"33c3-8027-deu-Intercoms_Hacking.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-29T10:57:05.236+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8027-deu-Intercoms_Hacking.mp4","url":"https://api.media.ccc.de/public/recordings/14175","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":318,"length":2450,"mime_type":"video/mp4","language":"eng-deu","filename":"33c3-8027-eng-deu-Intercoms_Hacking_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-29T10:57:16.985+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8027-eng-deu-Intercoms_Hacking_hd.mp4","url":"https://api.media.ccc.de/public/recordings/14176","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":37,"length":2437,"mime_type":"audio/mpeg","language":"eng","filename":"33c3-8027-eng-Intercoms_Hacking.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-29T14:03:41.855+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/mp3/33c3-8027-eng-Intercoms_Hacking.mp3","url":"https://api.media.ccc.de/public/recordings/14264","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":29,"length":2437,"mime_type":"audio/opus","language":"eng","filename":"33c3-8027-eng-Intercoms_Hacking.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-29T14:04:25.694+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/opus/33c3-8027-eng-Intercoms_Hacking.opus","url":"https://api.media.ccc.de/public/recordings/14265","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":111,"length":2450,"mime_type":"video/mp4","language":"eng-deu","filename":"33c3-8027-eng-deu-Intercoms_Hacking_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-29T14:04:51.833+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-sd/33c3-8027-eng-deu-Intercoms_Hacking_sd.mp4","url":"https://api.media.ccc.de/public/recordings/14266","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":108,"length":2450,"mime_type":"video/webm","language":"eng-deu","filename":"33c3-8027-eng-deu-Intercoms_Hacking_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-29T14:05:17.685+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-sd/33c3-8027-eng-deu-Intercoms_Hacking_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/14267","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":259,"length":2450,"mime_type":"video/webm","language":"eng-deu","filename":"33c3-8027-eng-deu-Intercoms_Hacking_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-29T14:06:09.923+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-hd/33c3-8027-eng-deu-Intercoms_Hacking_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/14268","event_url":"https://api.media.ccc.de/public/events/8d0aed87-2484-4880-ae08-2dc3c7898959","conference_url":"https://api.media.ccc.de/public/conferences/33c3"}]}