conference logo

Playlist "33C3: works for me"

Intercoms Hacking

Sebastien Dudek

To break into a building, several methods have already been discussed, such as trying to find the code
paths of a digicode, clone RFID cards, use some social engineering attacks, or the use of archaic methods
like lockpicking a door lock or breaking a window.


New methods are now possible with recent intercoms.
Indeed, these intercoms are used to call the tenants to access the building. But little study has been
performed on how these boxes communicate to request and grant access to the building.


In the past, they were connected with wires directly to apartments. Now, these are more practical and
allow residents to open doors not only from their classic door phone, but to forward calls to their home
or mobile phone. Private houses are now equipped with these new devices and its common to find these
“connected” intercoms on recent and renovated buildings.


In this short paper we introduce the Intercoms and focus on one particular device that is commonly
installed in buildings today. Then we present our analysis on an interesting attack vector, which already
has its own history. After this analysis, we present our environment to test the intercoms, and show some
practical attacks that could be performed on these devices. During this talks, the evolution of our mobile lab and some advances on the 3G intercoms, and M2M intercoms attacks will be also presented.