Feeds

DECT wireless eavesdropping made easy

Security bypass attack

Website security in corporate America

Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected.

A new attack against phones based on DECT (Digital Enhanced Cordless Telecommunication) technology - demonstrated during the Chaos Communication Congress in Berlin earlier this week - might be carried out cheaply using off-the-shelf kit, together with a little know-how. A modified $30 VoIP laptop card running on a Linux portable were used to demonstrate the attack, which relies on using specially outfitted equipment to impersonate legitimate wireless base stations.

Encryption does feature as part of the DECT standard, but even when it's enabled, it might easily be bypassed in order to allow rogue devices to pose as the real thing, heise Security reports.

The algorithm used by DECT is hardwired into devices and not publicly disclosed. However, the boffins found that DECT-based communications between a transmitting station and the hand-held device often featured no form of encryption or authentication. And even when cryptographic defences are put into play they might be defeated by diverting data to an Asterisk (Linux-based software PBX), where crypto isn't supported so that conversations default to plain text, cryptographic researchers discovered.

Having previously carried out an attack using an expensive DECT sniffer the security researchers - Erik Tews from the Technical University of Darmstadt, Ralf-Philipp Weinmann, and Matthias Wenzel - modified a ComOnAir PCMCIA card with a few additional circuit and software modifications so that once the kit was plugged into a laptop it was able to function as a sniffer. The equipment was easily small enough to be operated from a car parked outside a targeted location.

The boffins were able to extract an audio stream which could be played back or recorded even with this cut-price kit.

This approaches relies on circumventing the security built into DECT without actually defeating it head-on. The security boffins made some headway in breaking the DECT Standard Authentication Algorithm (DSAA) without successfully cracking it. Details on this work can be found on the dedacted.org project site here.

The DECT standard is used by electronic payment terminal and door opening technology as well as household telephones, so the implications of the attack might be far-reaching. The next version of the Kismet WLAN sniffer will support DECT. Wireless LANs and DECT devices operate over separate frequencies, so additional hardware will still be needed to sniff on conversations, heise Security adds. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.