i was talking to a founder of a startup since i'm publishing a book in april (shameless plug: it's about how many of today's startups came to be and the founders' stories). i ask every founder to answer the same question that shows up on the YC application: talk about the time you most successfully hacked some (non-computer) system to your advantage.
of the 30 interviews i've done so far, i've seen lots of creative answers. one of the answers reminded me that our apartment uses RFID to get into the building from the outside. the doors to get into my apartment lock automatically at night, so you need the RFID card to get in. there's also keypad that allows you to enter in a room number. so if i typed in my room number, the apartment calls my cell phone and i can talk to the person outside via a speaker near the keypad.
edit: shortly after this went up, i realized who inspired this hack. it was dan gross and robby walker (the guys who started greplin.com). special thanks to them, and some of the hacks they use at greplin.com are genius. the book will go into detail.
so i realized after pushing all the buttons on my cell phone that "9" unlocks the door. in effect, if you get locked out because you had to throw the garbage out at 2am, you must have either your cell phone or RFID card. if you're missing those, you're locked out for good.
i thought it'd be cool to try and hack this, so here's what i did:
- i signed up for a twilio account. this is free and they actually give you $30 of credit when you join. they'll give you a free sandbox number, which you can use to test your scripts.
- in order to imitate the "9" being pressed which unlocks the door, i tried to find somewhere in twilio's API that supported single-digit dialing but they didn't offer it. if i tried to call a single-digit number, it just threw an error and said "invalid number" on the call logs. twilio however does support playback of mp3, so i did a search for the list of DTMF tones and found them here in mp3 format.
- i wrote the very simple script (here's a link to the sample twilio script) which upon receiving a call, plays back the dial tone "9." i uploaded this to my linode box along with the mp3 file and asked my apartment to update my cell number after switching my twilio account over from the sandbox number to a real number.
- i got a notice that the number was updated, and i started letting myself in without keys.
i realized that this would be an easy hack to do in other places where keyless entry systems worked the same way. an e-mail could be sent to the apartment manager to the effect of "i've updated my cell phone number, i wanted to let you know. can you please update it for me? -resident name" and since most apartment managers probably don't verify the e-mail address, you could probably just find the resident names on a directory outside where the mailboxes are at. probably not too useful since that's just one layer of security though.
here's a video of the hack in action: