Feeds

DECT wireless eavesdropping made easy

Security bypass attack

Next gen security for virtualised datacentres

Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected.

A new attack against phones based on DECT (Digital Enhanced Cordless Telecommunication) technology - demonstrated during the Chaos Communication Congress in Berlin earlier this week - might be carried out cheaply using off-the-shelf kit, together with a little know-how. A modified $30 VoIP laptop card running on a Linux portable were used to demonstrate the attack, which relies on using specially outfitted equipment to impersonate legitimate wireless base stations.

Encryption does feature as part of the DECT standard, but even when it's enabled, it might easily be bypassed in order to allow rogue devices to pose as the real thing, heise Security reports.

The algorithm used by DECT is hardwired into devices and not publicly disclosed. However, the boffins found that DECT-based communications between a transmitting station and the hand-held device often featured no form of encryption or authentication. And even when cryptographic defences are put into play they might be defeated by diverting data to an Asterisk (Linux-based software PBX), where crypto isn't supported so that conversations default to plain text, cryptographic researchers discovered.

Having previously carried out an attack using an expensive DECT sniffer the security researchers - Erik Tews from the Technical University of Darmstadt, Ralf-Philipp Weinmann, and Matthias Wenzel - modified a ComOnAir PCMCIA card with a few additional circuit and software modifications so that once the kit was plugged into a laptop it was able to function as a sniffer. The equipment was easily small enough to be operated from a car parked outside a targeted location.

The boffins were able to extract an audio stream which could be played back or recorded even with this cut-price kit.

This approaches relies on circumventing the security built into DECT without actually defeating it head-on. The security boffins made some headway in breaking the DECT Standard Authentication Algorithm (DSAA) without successfully cracking it. Details on this work can be found on the dedacted.org project site here.

The DECT standard is used by electronic payment terminal and door opening technology as well as household telephones, so the implications of the attack might be far-reaching. The next version of the Kismet WLAN sniffer will support DECT. Wireless LANs and DECT devices operate over separate frequencies, so additional hardware will still be needed to sniff on conversations, heise Security adds. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.