The Insecurity of Cloudless Smart Door Systems

Explore the vulnerabilities of cloudless smart door systems in this 53-minute conference talk from the Hack In The Box Security Conference. Dive into the complexities of intercom networks in large buildings, including call buttons, access control units, and IP gateways. Learn about typical scenarios where intercom systems interface with IP networks, focusing on two devices designed for larger installations without cloud dependence. Discover the security implications of these systems through technical analysis and live demonstrations. Gain insights from security researchers Sebastian Neef, Julian Beier, and Lars Burhop as they discuss vulnerabilities found in the SG150 device, including command injection and unauthorized read access. Understand the lessons learned from this research and its implications for enterprise and security-conscious users.

Intro
What is a Smart Gateway
Why integrate a Smart Gateway
How easy is it to remove someone
Which devices were tested
Technical Analysis
SG150
First two vulnerabilities
Live demo
Third vulnerability
Second vulnerability
First vulnerability
Read access
Command Injection
Lessons Learned
Questions