Among using obsolete EM4100 RFIDs and weakly implemented access control systems, my alma mater has another thing that I have tried to be quiet about for almost two years now – analog intercoms.
These intercoms are connected to PSTN (VTS in Czech terminology) under the trunk +420 549 49 xxxx.
Within these 10 000 combinations, you can call tens of intercoms and open the doors with the default password “00.” During that time, I managed to make the Faculty of Informatics protect their intercoms so that these would not be accessible from the PSTN. However, you can still access them from any phone inside the University. But, there are many others in other faculties that are still absolutely unprotected.
The University knows the fact. After many months of ignoring it, I feel obliged to publish it finally.
In the video you can see how I managed to create a conference call with four devices, opening them at the same time. All the knowledge I had to know were four four-digit numbers I got by trial and error.
By the way, during my call attacks, I saved money by directly using the SIP service hosted by Czech CESNET. However, when I called from inside the Faculty network, it crashed the firewalls. In the article, the person that investigated the incident had no clue what was behind it. Of course, I confessed to him immediately after I read the article.