10-18, 10:00–10:50 (America/New_York), Track 2 (206a)
Language: English
This talk explores the reverse engineering of the proprietary DUOX PLUS intercom system, focusing on its digital signaling, identification methods, and security weaknesses. Using hardware tools like oscilloscopes, logic analyzers and breadboards we demonstrate MITM attacks, spoofing, and signal manipulation. Attendees will gain hands-on insights into decoding and interacting with closed digital protocols, exposing vulnerabilities in real-world access control systems.
The DUOX PLUS system is a digital, non-polarized two-wire intercom and video entry system, which is widely used in residential and commercial security installations in Europe and Asia. While proprietary and closed-source, its extensive deployment raises critical security questions about its robustness against interception and spoofing.
This talk details an ongoing effort to reverse engineer the DUOX PLUS protocol by analyzing its electrical characteristics, digital signaling, and communication structure. Through oscilloscope probing and logic analysis, we uncover how the system transmits and authenticates calls, video streams, and access control signals.
Kirils Solovjovs is Latvia's top white-hat hacker and IT policy activist, known for exposing major security flaws. An expert in penetration testing, reverse engineering, and network analysis, he started coding at 7 and was writing machine code by grade 9. A command-line enthusiast, he uses bash daily for hacking, automation, and data tasks, and reviews bash exams for top e-learning platforms. He is currently the lead researcher at Possible Security.