In June 2021, Promon discovered a vulnerability in a range of video entry systems manufactured by AIPHONE, a leading international manufacturer of intercom and security communication products, that allows bad actors to break into any building which uses the system, utilizing just a mobile device and an NFC tag. The devices in question (GT-DMB-N, GT-DMB-LVN, and GT-DB-VN) can be found protecting residential and corporate buildings globally.

About the discovery

Promon researchers discovered that attackers can use a mobile device with NFC capability to run an attack on the entry system in order to find the admin passcode. Once revealed, it is then possible to inject the serial number of a new NFC tag (which now contains the admin passcode) back into the system’s log of approved tags, giving the attacker both the code in plain text that can then be punched into the keypad, but also an NFC tag that can be used to gain access to the building without the need to touch any buttons at all. The exploit requires a modification app (a custom Android NFC host-based emulation app that mimics the behavior of the official administrative tool).

Mitigations

Models manufactured after December 7, 2021 are not susceptible to this attack. AIPHONE has requested that customers with affected systems manufactured prior to 7 December 2021 should contact them for further instructions. AIPHONE has also shared a notice with customers, alerting them of the vulnerability’s existence. The vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2022-40903.