How we hacked our office doorbell using Slack, MessageBird and Now

How we hacked our office doorbell using Slack, MessageBird and Now

We built a small bot that allows us to open the door at our office via Slack.

With a constantly growing merchant base (we’re currently serving over 50k+ merchants) comes an increasing number of employees. When we reached 80 employees back in April, we moved a few of our teams to a new office space just in front of our main office. We called it Mollie Studios.

Instead of the traditional doorbell systems, our landlord installed one that works using a SIM card. Every time a visitor rings the bell, a call is made to a cellphone that’s laying around somewhere in the office. We can then answer the phone, and press “3” on the phone keyboard to open the door. Yet due to our noise canceling headphones most of us never heard the doorbell ring.

Adriaan and me started thinking of a better solution: how cool would it be if we could open the door using our own Slack bot?

The basics

We noticed that MessageBird just launched a new product: Flow Builder . This would allow us to create a visual flow for incoming calls via the phone number that we bought via MessageBird.

It was fairly easy to set up a basic flow that would:

• Welcome visitors by saying “Welcome at Mollie Studios. Please wait while we find someone to open the door for you.”
• Send a HTTP request to our webserver.

Or, if the call is made outside office hours :

• Say “Mollie Studios is currently closed. Please contact a Mollie employee for urgent matters.” and ends the call.

To achieve this, we set up a basic Node.js webserver using Express that would send a message to a certain Slack channel whenever a call was made.

MessageBird sends a couple of extra parameters with each request, including a callID . When a new request comes in, we’ll make an API call to MessageBird, to verify whether this voice call actually happened and if it happened within the last 2 minutes. We also used the query parameters destination and source from the incoming webhook call and matched these against the data from MessageBird. This would make sure that only “real” doorbell calls would trigger Slack notifications.

If the call is legit, we generate a random token and store it in-memory.

What’s next?

The next step was to attach interactive buttons to our Slack notification. We added the “Open door” action to each message that was sent by our bot. Whenever someone presses that button, Slack makes a call to our Node webserver and verifies the tokens that we’ve passed to the callback URL with the token that we stored in-memory in the previous step.

In order to actually open the door (after a Mollie employee has pressed the Slack button) we need to tell MessageBird to press the button “3” on the phone keyboard during the call. Unfortunately, this is not something Messagebird can do, since all communication is done via APIs. We had to find a more creative solution.

The good news was that MessageBird does allows us to add a step to our call flow that will fetch a dynamic call flow from an external URL. At the same time, Adriaan remembered the “ Blue Box ” that Steve Wozniak and Steve Jobs used to make free calls world wide by sending out certain tones. This was it!

We could use this to make the doorbell think that someone actually pressed “3” on the phone keyboard. In order to understand how we could send the “open” signal to our doorbell using a dynamic call flow, it’s important to know the basics of telecommunication signaling.

In telecommunication, signaling works using the Dual-tone multi-frequency signalin g (DTMF) technology. That means when we press a button on phone keyboard, the sound sent out has a high frequency and a low frequency. In other words, if you make a sound with a related high and low frequency, the related number can be called.

We recorded the sound that our cellphone made when we pressed the “3” and saved it as a static .wav file on our webserver. If we are able to make MessageBird play this sound, the doorbell should recognize this and open the door itself!

To accomplish this, we added a few more steps to the MessageBird call-flow that tried to retrieve a dynamic call-flow every second (with a maximum of 10 seconds).

Each time MessageBird makes the call, our server checks if someone authorized to open the door in the last 10 seconds. If that’s not the case (meaning someone did not press the “Open door” button via Slack), it will return a 200 OK. MessageBird will then wait for 1 second, and try to fetch the call-flow again.

If someone did press the “Open door” action button and the authorization tokens are matching, we’ll return the following dynamic call-flow:

MessageBird will then play the same sound that you’d actually hear when you press “3” on the phone keyboard, and the doorbell will open the door. Winning!

Realtime deployments

Once our webserver was ready, we had to deploy it somewhere. Since this was just a small side-project, we didn’t want to spend too much time on hosting & maintenance. We decided to use ZEIT’s hosting solution called Now . This would allow us to deploy our Node.js in seconds, just by running the now command from our terminal in the projects folder.

It worked out pretty well! Every time we made a change, we had to run two commands and everything was deployed to the cloud within one minute.

Conclusion

AtMollie, we’re constantly working on fixing problems by using the newest technology made by our friends from Slack, MessageBird and ZEIT. This is something that we are and will continue doing.

.

on Twitter.

Sign up at