Slashdot Mirror


CCC Hackers Break DECT Telephones' Security

Sub Zero 992 writes "Heise Security (article in German) is reporting that at this year's Chaos Communication Congress (25C3) researchers in Europe's dedected.org group have published an article (PDF) showing, using a PC-Card costing only EUR 23, how to eavesdrop on DECT transmissions. There are hundreds of millions of terminals, ranging from telephones, to electronic payment terminals, to door openers, using the DECT standard." So far, the Heise article's German only, but I suspect it will show up soon in English translation. Update: 12/30 21:27 GMT by T: Reader Juha-Matti Laurio writes with the story in English. Thanks!

3 of 116 comments

  1. Re:I had no idea by Chep · Score: 4, Informative

    those terminals are here *everywhere* (France). Drive up to McD's, order stuff, you get handed the terminal, put your card in, punch your PIN, there you are.

    Nowadays those terminals tend to get upgraded to GPRS/EDGE though, but DECT units are still quite popular. Not for that long I guess.

    Although, snake oil wireless security is not much of a worry, if there is another layer of end-to-end crypto between the terminal and the billing&processing authority! I wouldn't bet too much on this though...

    (on the other hand, even CCC-cracked DECT is still not too bad... was appalled to see coupla weeks ago in Geneva, they still print the whole card number and time on receipt slips... OOPS!)

  2. Based on the mangled translation... by russotto · Score: 4, Informative

    ..it appears they haven't broken the cipher, but instead managed to trick the handset and base into not enabling encryption in the first place. I'd guess (without any actual information) that it's an active attack where you intentionally interfere to force a disconnect, then trace the reconnection up to the point where encryption is requested, then fake a packet with encryption not requested (it's TDMA so you know exactly when it is going to come). For cordless phones this is a problem, but for PIN terminals and other dedicated DECT devices, it should in theory be simple to refuse to make certain non-encrypted connections or transmit sensitive data over them. However, in actual practice, nothing involving DECT is simple...

  3. Heise UK by Anonymous Coward · Score: 5, Informative