26C3: Encryption code for DECT mobile phones cracked

    Date: 30 Dec 2009
    Posted By: Alex
    In addition to the crypto algorithm of the GSM mobile telephony standard, security researchers have also cracked the encryption code for calls from cordless phones that are based on the widely used Digital Enhanced Cordless Telecommunication (DECT) standard. This was announced by members of the deDECTed.org project group at the 26th Chaos Communication Congress (26C3) in Berlin on Tuesday. According to the researchers, the respective key used can be extracted from intercepted data traffic with a reasonable amount of effort. The experts think that such prep work will make the DECT Standard Cipher (DSC) "increasingly easier and faster to crack".

    At last year's hacker conference, members of deDECTed had already pointed out severe flaws in the implementation of the DECT security features. They had used a modified laptop card and a Linux computer for intercepting DECT phones. When running their tests, the researchers noticed that occasionally no encryption process whatsoever exists between the transmitting base station and the handset. Often, the handset simply authenticates itself at the base station in the same way that is stipulated by the GSM mobile telephony standard. In other devices, the base station did authenticate itself, but without encryption. In all of these cases, the hackers were able to record active conversations in plain text.

    At the time, however, the group was unable to successfully simulate an attack on the secret DSC. Now, the researchers have made further progress, which effectively means that phone conversations via DECT devices must be considered insecure even if a vendor has correctly implemented the standard's prescribed encryption features. According to crypto researcher Karsten Nohl, who has since joined the deDECTed team, one of the reasons for this is that engineers already worked sloppily when implementing the encryption code, reducing the initially planned additional process security measures such as redundant rounds in favour of a faster encryption.
