To break into a building, several methods have already been discussed, such as trying to find the code paths of a digicode, clone RFID cards, or the use of some social engineering attacks. New methods are now possible with recent intercoms. Indeed, these intercoms are used to call the tenants to access the building. But little study has been performed on how these boxes communicate to request and grant access to the building.
In the past, they were connected with wires directly to apartments. Now, these are more practical and allow residents to open doors not only from their classic door phone, but to forward calls to their home or mobile phone. Private houses are now equipped with these new devices and its common to find these "connected" intercoms on recent and renovated buildings.
In this presentation we will introduce the Intercoms and focus on one particular devices that is commonly installed in buildings today. Then we will present our analysis on an interesting attack vector, which already has its own history. After this analysis, we will introduce our environment to test the intercoms, and show some practical attacks that could be performed on these devices.