Riddlegate: automating apartment intercoms

If you’ve ever lived in an apartment building or gated complex, you’ve probably seen one of these things:

Apartment Intercom

A person dials some code to reach you, you make sure it’s someone you’re expecting, and you press some digits on your phone to grant access.

However handy this is, there are situations where it’s not very helpful. I can’t count how many packages I’ve missed because I was away from my phone when the delivery driver arrived. I really wanted to be able to just give them a code that allowed them access.

Enter Twilio. It enables exactly this. You rent a phone number through them (very cheap — on the order of $1/month), which can be configured to call HTTP endpoints when it receives a call, SMS, etc.

I built a small application around this to automate my apartment’s intercom. The intercom is configured to call my Twilio number, which will interact with the application. I called it “Riddlegate” after that plotline in The Neverending Story with the sphinxes. It’s pretty simple and self-explanatory. Here’s a screenshot of the admin UI:

X30j6Vt

Now when I have a guest, I can give them instructions that don’t involve me being near my phone:

  1. Dial <number>
  2. Wait for tone
  3. Dial <passcode>

And Riddlegate will buzz them in!

A (hopefully-not-too-terse) setup guide is included in the Github README.

Security

Given that this controls access to your building/complex, security is an important concern. There are a few things Riddlegate does to improve security:

  1. Twilio signs all requests it sends with your API key. Riddlegate validates these signatures and denies access when it detects an invalid signature. This prevents a would-be attacker from brute-forcing your access code if they were to discover your endpoint URL.
  2. Admin area is password-protected. This is obviously only as secure as the password you choose. Also obviously better if you serve over HTTPS.

Leave a Reply

Your email address will not be published. Required fields are marked *