House Intercoms Attacks - When Frontdoors Become Backdoors

Explore the vulnerabilities of modern building intercoms in this 33-minute conference talk from Hack.lu 2016. Delve into the security implications of connected intercom systems, which allow residents to open doors remotely using mobile phones. Examine the evolution from traditional wired intercoms to modern M2M (Machine-to-Machine) solutions. Learn about various attack vectors, including GSM and GPRS interception, signal jamming, and exploitation of M2M networks. Discover practical attack scenarios, such as brute-forcing accounts and manipulating call forwarding. Gain insights into setting up a mobile lab for testing intercom security and understand the potential risks associated with these devices. Conclude with security recommendations for M2M solutions to mitigate vulnerabilities in building access systems.

Intro
Intercoms today
Human curiosity...
Context
Different types of intercoms
Numeric intercoms: simplified architecture
Network architecture with M2M
Different brands market
State Of the Art: tools
GSM and GPRS: authentication
GSM and GPRS: Handover
3G/4G: advantages
Mobile interception: signal attraction A User Equipment connects to the closest Base Station
Jamming is generally basic...
GSM Lab setup: for interception
Intercom setup: configuration
First impressions
Attacker steps to open the door
To trap the intercom
What's next? Let's backdoor it!
Call premium rate numbers
Attack vectors with M2M Intercoms
Bruteforce accounts
Enumerated accounts
Attack scenarios
Reverse look-up directories
Connecting to the M2M network
Traceroute in the M2M virtual network
Conclusion
Security recommendations for M2M solutions