BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.recon.cx//recon-2026//talk//QQZNHF
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-recon-2026-QQZNHF@cfp.recon.cx
DTSTART;TZID=EST:20260620T160000
DTEND;TZID=EST:20260620T170000
DESCRIPTION:When reverse engineering the proprietary DUOX PLUS intercom sys
 tem dubbed the ‘most secure in world’ by Fermax\, previously Kirils & 
 friends focused on its digital 2-wire signalling and employed such tools l
 ike oscilloscopes\, logic analyzers and breadboards.\n\nWhile these attack
 s are important as they shine light on the internal workings on the system
 \, their application in the field is limited as one would need to acquire 
 access to the 2-wire bus\, which is only possible from the inside of the b
 uilding.\n\nThen we noticed something that was right in front of our eyes 
 - access control panels! These things are out there just on the perimeter!
  And\, when installed on multi-tenant buildings\, they have RFID reader mo
 dules installed. Fermax offers modules doing EM4100\, MIFARE Classic\, and
  MIFARE Desfire.\n\nIn this talk we give an overview of previous research 
 and expand on it by exploring the possibilities of entering the perimeter 
 by attacking the RFID dimension of these systems\, and exploring card clon
 ing\, implanting\, and cryptographic attacks together with Iceman. \n\nAtt
 endees will gain insight into decoding and interacting with closed digital
  protocols\, exposing vulnerabilities in real-world access control systems
 . They also get practically applying RFID attacks to real world systems in
  use right now.
DTSTAMP:20260612T181601Z
LOCATION:Grand Salon Opera
SUMMARY:From Bus Wires to Badges: Breaking Into DUOX PLUS Through RFID - Ic
 eman\, Kirils Solovjovs
URL:https://cfp.recon.cx/recon-2026/talk/QQZNHF/
END:VEVENT
END:VCALENDAR