Slashdot Mirror


CCC Hackers Break DECT Telephones' Security

Sub Zero 992 writes "Heise Security (article in German) is reporting that at this year's Chaos Communications Congress (25C3) researchers in Europe's dedected.org group have published an article (PDF) showing, using a PC-Card costing only EUR 23, how to eavesdrop on DECT transmissions. There are hundreds of millions of terminals, ranging from telephones, to electronic payment terminals, to door openers, using the DECT standard." So far, the Heise article is German only, but I suspect it will show up soon in English translation. Update: 12/30 21:27 GMT by T : Reader Juha-Matti Laurio writes with the story in English. Thanks!

30 of 116 comments

  1. Ok, somebody has to. by fuzzyfuzzyfungus · · Score: 5, Funny

    All your base station are belong to us.

  2. Free speech! by Anonymous Coward · · Score: 2, Insightful

    In Soviet America, they wouldn't be allowed to publish this.

    1. Re:Free speech! by nem75 · · Score: 3, Informative

      I'm glad Germany seems to have backed down from its anti-hacker legislation. Wasn't it last year we heard they were threatening their security experts and admins with legislation to take away even such benign utilities as password recovery tools?

      They are far from backing down. Over here security auditing and related actions are still threatened by excessive copyright protection laws (existing or in the making). As they are in the US by e.g. the DMCA.

  3. I had no idea by Ender_Stonebender · · Score: 4, Interesting

    Wow. I had no idea that people were using DECT phones to process payment cards*, but a brief Google search turned one up. I guess I've always made the assumption that there is no way to validate the security of wireless connections, so they should always be considered insecure. Do I just have a paranoid mind, or do other geeks think like that too?

    * "Payment cards" includes credit, debit, gift card, etc.

    --
    Loose things are easy to lose. You're getting your hair cut. They're going there to see their aunt.
    1. Re:I had no idea by Yvanhoe · · Score: 2, Funny

      I am doubtful that payment terminals use only DECT's encryption to transfer confidential data. They probably add their own layer. Don't they?

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    2. Re:I had no idea by Chep · · Score: 4, Informative

      Those terminals are here *everywhere* (France). Drive up to McD's, order stuff, you get handed the terminal, put your card in, punch your PIN, there you are.

      Nowadays those terminals tend to get upgraded to GPRS/EDGE though, but DECT units are still quite popular. Not for that long I guess.

      Although, snake oil wireless security is not much of a worry, if there is another layer of end-to-end crypto between the terminal and the billing&processing authority! I wouldn't bet too much on this though...

      (on the other hand, even CCC-cracked DECT is still not too bad... was appalled to see coupla weeks ago in Geneva, they still print the whole card number and time on receipt slips... OOPS!)

    3. Re:I had no idea by uffe_nordholm · · Score: 3, Insightful

      Unfortunately I don't think it is the geeks thinking like you do who are the problem. I think the problem is the managers who make decisions based on what can be sold to the public, as long as the public doesn't find out some small dark secret...

      As for me, I consider wireless communication insecure, but I don't always bother about it. It boils down to a balance of potential damage and cost (not only money but also time/impracticality...) of securing the communication.

    4. Re:I had no idea by fuzzyfuzzyfungus · · Score: 5, Interesting

      In a world not ruled by morons and legacy equipment, I imagine that the DECT link would just be carrying a nice SSL session, and it wouldn't much matter.

      However, I submit the following(PDF warning) as evidence that we do not live in such a world, indeed, there is some reason to suspect the exact opposite.

    5. Re:I had no idea by sxpert · · Score: 3, Insightful

      Hmm. Last I checked, bankers didn't really care, as long as the people using their services thought their transactions were "secure"

    6. Re:I had no idea by Opportunist · · Score: 2, Funny

      "What do you mean, 'can be hacked'? There's a law against it, right? It's illegal, right? See, it can't be hacked!"

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:I had no idea by deroby · · Score: 5, Interesting

      Personally I find it scary that people consider 'wired' communications to be 'secure' by default.

      AFAIK most wireless protocols have at least some kind of 'security' and 'encryption' in their design. Granted that quite a few of these have been shown to be "incomplete", but at least there's an effort. Wired stuff on the other hand seems to be optimized for speed (and stability) only, but nobody really cares about security. When someone finds that they can eavesdrop on a wireless keyboard from an unobscured distance of say 5ft, hell breaks loose. But by my recollection there have been 'keyboard loggers' for ages, both in hardware (a "part" you had to put between the computer and the keyboard, something not quite unfeasible when you can get up to 5ft anyway) and software. (**)

      Clearly, wireless is much harder to control (it simply goes through the wall to the house next door), but wired isn't all that "unbreakable" either.
      Imho, security would best be handled using software, that way at least it's easier to "upgrade" when a fault in the protocol is found. I doubt we're going to see everyone throw out their DECT phone or whatever anytime soon... Maybe they'll be able to eavesdrop on phone-conversations, and maybe they'll even manage to see what's going up & down when a payment transaction is going on, but I think (HOPE!) the latter will have at least some kind of protection in there to avoid the packets to be tampered with ...

      (**: Frankly, I think the latter is much more widespread than most any of us think since it's so damn easy to create, but that could be me being paranoid)

      --
      If there is one thing to be learned on slashdot, it has to be sarcasm.
    8. Re:I had no idea by jonbryce · · Score: 2, Insightful

      No, because while they are swiping it, they can also take a clone copy of the card to sell to criminals. At least that's what happens in Britain, and for that reason we are advised not to let our cards be taken out of sight.

      Don't you have chip & pin yet? France has had it for about 15 years now, and Britain has had it for a few years.

    9. Re:I had no idea by KillerBob · · Score: 2, Informative

      Don't you have chip & pin yet? France has had it for about 15 years now, and Britain has had it for a few years.

      It's been around in Canada for about a year... my last Visa card, which expired in November, didn't have it. My current Visa card does. My current Mastercard, which was issued in December 2007, doesn't have one.

      I still sign receipts "Check ID". But I've only ever been asked once.

      --
      If you believe everything you read, you'd better not read. - Japanese proverb
    10. Re:I had no idea by gzunk · · Score: 2, Interesting

      Not necessarily; there are two modes that you can use the EMV cards in: plaintext offline PIN, and encrypted offline PIN. In plaintext offline PIN the card reader presents the PIN to the card in plaintext.

      Guess which mode most of the UK cards use. Go on, guess. (Hint: it's not encrypted.)

    11. Re:I had no idea by Archangel+Michael · · Score: 2, Insightful

      "Personally I find it scary that people consider 'wired' communications to be 'secure' by default."

      No, you misunderstand. Nothing is "secure". There are grades of security. In this case, wired communication is MORE secure than wireless.

      Anyone suggesting perfect security is either a fool, selling something, or a liar ... or all three.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    12. Re:I had no idea by sangreal66 · · Score: 3, Informative

      They can also get in trouble for accepting a card that reads "Check ID" instead of a valid signature. The merchant agreement stipulates that in these cases the cashier must check ID and have the customer sign the card in their presence. If the customer won't agree to this, the transaction should be refused. The link below is to a picture of the relevant portion of Visa's acceptance criteria: http://i41.tinypic.com/v2vb49.gif

    13. Re:I had no idea by KillerBob · · Score: 2, Interesting

      Interesting reading. My card is signed with my real signature, which matches the one on my passport (which I carry when overseas) and my drivers' license. It's the receipt which I sign as "Check ID". I haven't yet called Visa on them, but I'm tempted to after reading that agreement. If nothing else, it means that they aren't actually checking the signature against the card.

      --
      If you believe everything you read, you'd better not read. - Japanese proverb
    14. Re:I had no idea by owlstead · · Score: 2, Interesting

      "Nowadays those terminals tend to get upgraded to GPRS/EDGE though, but DECT units are still quite popular. Not for that long I guess."

      Oh, yes, now I do feel so much safer. Trust me if I say that at least in the GSM world, security is rather haphazard. There have been many issues, including broken SIMs etc. etc. If I take a look at the specs, I don't feel safe against eavesdropping *at all*. I don't know if GPRS is any better, but my guess is that it is not.

      Anyway, even if it is safe, the chances of listening in *after* the stream has been decoded are very high. There is *no* end to end security when using these technologies. For that reason, e.g. the government will never break in using the wireless network because it is much easier to break in elsewhere. Of course, chances of doing this anonymously are much lower than a direct attack on the wireless protocols.

      Basically, if you are using things like payment over any wireless network, I agree with you that the implementers must put security at the application level, using end-to-end security. Otherwise the protocol is broken by default. Does anyone here trust that all these wireless access points have been updated to the latest firmware? Because I don't.

      Note: I'm agreeing with the parent here, just deepening the discussion a bit.

  4. Re:Shouting in German by Opportunist · · Score: 5, Funny

    There are people who understand German, you insensitive clod!

    Germans are people too!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Who cares about payments!?!? by PolygamousRanchKid+ · · Score: 2, Funny

    The article said that you could eavesdrop on baby-phones.

    Now, this is *really* a case on Slashdot, where we should "Think of the Children!"

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  6. Based on the mangled translation... by russotto · · Score: 4, Informative

    ..it appears they haven't broken the cipher, but instead managed to trick the handset and base into not enabling encryption in the first place. I'd guess (without any actual information) that it's an active attack where you intentionally interfere to force a disconnect, then trace the reconnection up to the point where encryption is requested, then fake a packet with encryption not requested (it's TDMA so you know exactly when it is going to come). For cordless phones this is a problem, but for PIN terminals and other dedicated DECT devices, it should in theory be simple to refuse to make certain non-encrypted connections or transmit sensitive data over them. However, in actual practice, nothing involving DECT is simple...
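
As an added illustration (not code from the original thread, nor from the dedected.org project), here is a Go model of the two defences raised in this subthread: owlstead's point that payment traffic needs end-to-end protection at the application layer no matter what the radio link does, and russotto's point that a dedicated DECT device should simply refuse to send sensitive data over a connection that ended up unauthenticated or unencrypted. `LinkState`, `Endpoint`, the wire format and the header are my assumptions, not DECT or EMV interfaces; the key and the PIN payload are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// LinkState is a constructed, simplified view of what a DECT-like link reports
// to the application; it is not the DECT protocol API. The flags are the two
// properties a dedicated device should insist on before moving sensitive data.
type LinkState struct {
	MutualAuth bool // base authenticated to the handset, not only the reverse
	Ciphered   bool // link-layer encryption actually active on this connection
}

var (
	ErrLinkUnprotected = errors.New("link is not mutually authenticated and ciphered")
	ErrReplay          = errors.New("sequence number not newer than last accepted")
	ErrTampered        = errors.New("authentication tag check failed")
)

const nonceSize = 12 // standard AES-GCM nonce length

// Endpoint is one end of the application-layer channel (terminal or processor).
// The key is assumed shared only between the two ends and provisioned out of
// band; sendSeq keeps every nonce unique for the life of the key, recvSeq
// detects replays. (Real deployments would also rotate the key per session.)
type Endpoint struct {
	aead    cipher.AEAD
	sendSeq uint64
	recvSeq uint64
}

func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Endpoint{aead: aead}, nil
}

// Send applies both defences: it fails closed when the link reports that
// ciphering or mutual authentication is missing, and it seals the payload end
// to end so the base station and everything behind it see only ciphertext.
// Wire format: 12-byte nonce (zero prefix || 64-bit counter) || ciphertext+tag.
// The header (terminal id, message type) travels in the clear but is bound to
// the frame as additional authenticated data.
func (e *Endpoint) Send(link LinkState, header, payload []byte) ([]byte, error) {
	if !link.MutualAuth || !link.Ciphered {
		return nil, ErrLinkUnprotected
	}
	e.sendSeq++
	nonce := make([]byte, nonceSize)
	binary.BigEndian.PutUint64(nonce[4:], e.sendSeq)
	return e.aead.Seal(nonce, nonce, payload, header), nil
}

// Receive verifies and decrypts. The tag check catches any change to nonce,
// ciphertext or header; the counter check (trusted only after the tag passes)
// rejects replays of frames that were valid when first sent.
func (e *Endpoint) Receive(header, wire []byte) ([]byte, error) {
	if len(wire) < nonceSize+e.aead.Overhead() {
		return nil, ErrTampered
	}
	nonce, ct := wire[:nonceSize], wire[nonceSize:]
	pt, err := e.aead.Open(nil, nonce, ct, header)
	if err != nil {
		return nil, ErrTampered
	}
	seq := binary.BigEndian.Uint64(nonce[4:])
	if seq <= e.recvSeq {
		return nil, ErrReplay
	}
	e.recvSeq = seq
	return pt, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not for real use
	term, _ := NewEndpoint(key)
	proc, _ := NewEndpoint(key)
	hdr, pin := []byte("TERM-0001/PIN"), []byte("constructed PIN block 1234")
	good := LinkState{MutualAuth: true, Ciphered: true}

	wire, _ := term.Send(good, hdr, pin) // 1. healthy link: delivered, no plaintext on air
	pt, err := proc.Receive(hdr, wire)
	fmt.Printf("delivered=%q err=%v plaintext_on_air=%v\n", pt, err, bytes.Contains(wire, pin))
	_, err = proc.Receive(hdr, wire) // 2. the same frame again
	fmt.Println("replay:", err)
	wire, _ = term.Send(good, hdr, pin)
	wire[len(wire)-1] ^= 0x01 // 3. one flipped ciphertext bit
	_, err = proc.Receive(hdr, wire)
	fmt.Println("tampered:", err)
	_, err = term.Send(LinkState{MutualAuth: true, Ciphered: false}, hdr, pin) // 4. ciphering off
	fmt.Println("downgraded link:", err)
}
```

Two design choices worth noting: the nonce is a counter rather than a random value so that the receiver can use the same number for replay detection, and that counter is only compared after the GCM tag has verified, so a forged frame cannot advance the receiver's window. The link check and the sealing are independent layers; if a device firmware gets the first one wrong, the second still means the radio path carries nothing the processor's key holder cannot verify.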

  7. Re:Shouting in German by PearsSoap · · Score: 2, Funny

    Mod parent up.

  8. Re:Shouting in German by JJJK · · Score: 5, Funny

    German Slashdotters for the win!

  9. The difference is simple by aepervius · · Score: 2, Insightful

    Wired implies physical access, possibly leaving a trace either in software or in hardware. If you leave a trace you are therefore detectable and vulnerable yourself to being caught. Wireless, on the other hand, is another can of worms. You can read the comms without anyone knowing you ever accessed it. And even if it is only from 5ft away, you can hide the material and it won't be visible on you, particularly in a public place. Which is why hell breaks loose when any widely publicly used wireless communication is proved to be vulnerable to eavesdropping, whereas comms where you have to physically have access don't do so much.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
    1. Re:The difference is simple by Alpha830RulZ · · Score: 2, Interesting

      Wired is only as secure as the door on the phone equipment room, which in my building is shared by several businesses, and is often open as I walk by.

      --
      I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
  10. Clipper chip by Anonymous Coward · · Score: 2, Interesting

    Personally I find it scary that people consider 'wired' communications to be 'secure' by default.

    Back in the '90s there was a big fight in the US about the Clipper chip, and forcing every phone in the US to have an encryption chip, with the keys being escrowed and only available via a court order.

    While there were many reasons to be against it, I never understood why some people used the argument that the government could always secretly access the encryption keys. Given the fact that all phone calls are in the clear to begin with, adding the Clipper would actually add some security--if not against the government, then at least against someone attaching some alligator clips to your landline.

    Your landline is just a bunch of voltage fluctuations, and after the "last / first mile" a bunch of bits--both of which can be tapped very easily. Unless we all start using STU-IIIs it's simply best to assume that you're being tapped. (And even with STU-IIIs you still have to worry about traffic analysis.)

    1. Re:Clipper chip by Kadin2048 · · Score: 2, Insightful

      The Clipper chip concept, as applied to telephones, had several big issues. First (as someone else points out), the mere existence of Law Enforcement / NSA keys, held somewhere in a vault, is a security risk. Those keys could leak at some point, and then the entire infrastructure is worse than useless.

      Second, a lot of privacy-minded, government-distrusting people saw the situation Clipper would create as being worse than having no security at all. At least with insecure POTS phones, people of average intelligence get that they're insecure, and can be eavesdropped on pretty easily by both law enforcement and determined third parties with access to the building wiring closet or telephone company switching center. This leads to a demand for secure-communication products (ranging from free products like PGPfone and Zfone, to devices like the Sectera aimed at commercial users), demand which would not exist in an environment where every phone had a Clipper installed.

      Put bluntly, the current situation (where "no security" is the default) allows -- some would say forces -- users who have a mild need for security, for instance just enough to prevent casual interception, to buy aftermarket products. These purchases keep a thriving non-governmental security industry going, and essentially subsidize the relatively small number of people who really need security not only from casual interception but from the government as well.

      If you take as a premise, as I and a fair number of other people do, that it's a Good Thing to have the ability to communicate without being spied on by your government (this is outside whether you personally actually think you need it, much less take advantage of it; just that the capability is there if you for some reason wanted to), then Clipper would have been a disaster. The only way it looks like a good idea is if you negate completely the value of having communication channels free of government backdoors (or even better, if you consider the elimination of any channels free from government snooping to be a net positive), which if it was borderline defensible in 1994 seems truly insane today.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  11. Heise UK by Anonymous Coward · · Score: 5, Informative
  12. Article in English by cheftw · · Score: 3, Informative

    With a laptop aufgebohrten [bohren is to drill] card for 23 euros, according to security experts call on the basis of the widely-used standard Digital Enhanced Cordless Telecommunication simply listen.

    Who confidential telephone conversations, you should better not be one of the most popular cordless phones on the basis of the standard DECT (Digital Enhanced Cordless Telecommunication) access. As security experts at the 25th Chaos Communication Congress (25C3) in Berlin said, can easily intercept such communications. What is needed is therefore only a aufgebohrte, actually for the Internet telephony imaginary laptop card for 23 euros and a Linux computer. No problems with the interception of long-distance DECT had this device, as very often when an encryption is not activated. But even at the beginning of encrypted information exchange could plug the card base and pretends to disable encryption.

    The approval by the European Telecommunications Standards Institute (ETSI) standard DECT procedure is most widely used for cordless telephones. In addition, the standard in Babyfonen, emergency calls and door-opening systems, cordless EC-card or even in traffic management applications. The number of active DECT terminals in this country alone at 30 million. For the authentication of the base and the associated equipment and for the encryption of data using DECT standard crypto methods.

    The algorithms are used in the devices and will all be wired to the public are kept secret. The network master key is not used to leave. In theory, see that everything from sound, said Erik Tews, one of the researchers involved the discovery of the TU Darmstadt. The practice, however, as various workarounds and attack surfaces.

    After the hackers initially a fairly expensive and high processor performance requirements DECT sniffer had built, they found, according to Andreas fellow students with the ComOnAir card "another beautiful hardware" for the reception of data traffic. After a reverse engineering, the replica of the circuit diagram, the retrieval of Firmware and the Anlöten some additional lines was scarce after a month of looking, for example, from a house in front of a parked car use sniffer been completed.

    The inventor was quickly noticed led Tews went on to say that sometimes have no authentication or encryption process between the transmitter station and the handset will be activated. Often authenticate the phone only to the network as the GSM cellular standard, although in principle, DECT also the network to the receiving unit as it could identify. For other devices, is a successful authentication, but without encryption. In all these cases, the PCMCIA card with a special Linux driver active discussions track, extract the data on a storage medium and write an audio player such performance can. It should have been possible, in any conversation in such a poorly secured DECT network recorded.

    If the handset is encrypted conversations have had the case not much more difficult, said Tews. Using a modified driver and a script you have the base issue as sniffer and data traffic, thanks to the support VoIP on an Asterisk server, and also redirect you. A breaking of keys had been necessary because when emit a signal that encryption is not supported, to communicate in plain had been converted. "It works on all systems, which we have found here", underlined the Darmstadt researchers vulnerability DECT standard implementations.

    Even when encryption system itself was the first hacker sticking points. According Tews succeeded them, a reverse engineering of the central DECT Standard Authentication Algorithm (DSAA) and its four sub-models to implement. A research report on the project site dedected.org finding implementations and source code for the programming languages Java and C will follow soon. Quite the DSAA is broken so far but not yet.

    On the well kept secret DECT Standard Cipher (DSC) is in accordance with Ralf-Philipp Weinmann of the research team is also still no effective attack. A paten

    --
    Always back up, never back down. ---- Think you're cool 'cos your uid is prime? Take mine, modulo the one digit integers
  13. Re:So then.... by tehcyder · · Score: 2, Interesting

    What's the most secure method of wireless communication (at least for home use) (besides using a hardline)?

    Chinese whispers.

    --
    To have a right to do a thing is not at all the same as to be right in doing it