Feeds

DECT wireless eavesdropping made easy

Security bypass attack

Beginner's guide to SSL certificates

Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected.

A new attack against phones based on DECT (Digital Enhanced Cordless Telecommunication) technology - demonstrated during the Chaos Communication Congress in Berlin earlier this week - might be carried out cheaply using off-the-shelf kit, together with a little know-how. A modified $30 VoIP laptop card running on a Linux portable were used to demonstrate the attack, which relies on using specially outfitted equipment to impersonate legitimate wireless base stations.

Encryption does feature as part of the DECT standard, but even when it's enabled, it might easily be bypassed in order to allow rogue devices to pose as the real thing, heise Security reports.

The algorithm used by DECT is hardwired into devices and not publicly disclosed. However, the boffins found that DECT-based communications between a transmitting station and the hand-held device often featured no form of encryption or authentication. And even when cryptographic defences are put into play they might be defeated by diverting data to an Asterisk (Linux-based software PBX), where crypto isn't supported so that conversations default to plain text, cryptographic researchers discovered.

Having previously carried out an attack using an expensive DECT sniffer the security researchers - Erik Tews from the Technical University of Darmstadt, Ralf-Philipp Weinmann, and Matthias Wenzel - modified a ComOnAir PCMCIA card with a few additional circuit and software modifications so that once the kit was plugged into a laptop it was able to function as a sniffer. The equipment was easily small enough to be operated from a car parked outside a targeted location.

The boffins were able to extract an audio stream which could be played back or recorded even with this cut-price kit.

This approaches relies on circumventing the security built into DECT without actually defeating it head-on. The security boffins made some headway in breaking the DECT Standard Authentication Algorithm (DSAA) without successfully cracking it. Details on this work can be found on the dedacted.org project site here.

The DECT standard is used by electronic payment terminal and door opening technology as well as household telephones, so the implications of the attack might be far-reaching. The next version of the Kismet WLAN sniffer will support DECT. Wireless LANs and DECT devices operate over separate frequencies, so additional hardware will still be needed to sniff on conversations, heise Security adds. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.