back to article DECT wireless eavesdropping made easy

Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected. A new attack against phones based on DECT (Digital Enhanced Cordless Telecommunication) technology - demonstrated during the Chaos Communication Congress in Berlin earlier this week - might be carried out …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Unhappy

    Weak

    This is horribly weak.

    First off, the open source linux telephony engine is called "Asterisk", not "Asterix".

    Secondly, the statement "...by diverting data to an Asterix (Linux-based software PBX), where crypto isn't supported so that conversations default to plain text, cryptographic researchers discovered." is no "discovery" by any means. Not being able to defeat DECT head on, but running it though MOST PBX engines based on the SIP protocol, which is used by an incredibly large number of PBX systems, is as worthless an observation as stating "clipping a telephone test set in line with the DECT device also allowed bypassing DECT".

    Sniffing a SIP/RTP based call has nothing to do with DECT, is not specific to Asterisk, is not a "discovery", and seems only to serve here as some attempt at validating research that yielded no real discoveries about cracking DECT.

  2. Destroy All Monsters Silver badge
    Linux

    @Weak

    ....but it makes for good copy and might entice politicians to fall over themselves to pass a new law against "DECT sniffing"

    And it surely is not an "Asterix" otherwise the copyright nazis from Editions (Robert? Albert?) Goscinny would be in touch in a heartbeat, as anyone who remembers what happened to "Mobilix" knows.

  3. David Wilkinson

    I am still happy with my Dect 6 phone

    I figured its digital encryption could be hacked ... I just wanted a phone that would keep ME from inadvertently picking up bits of other peoples conversations in my crowded apartment building.

  4. This post has been deleted by its author

  5. Daniel Palmer
    Flame

    Today at the reg... more oh noes!

    Yet another story on the reg about some security being broken, "oh noes!!! we're all going to die! somebody think of the children".... and it turns out that it's not really broken at all.

  6. Paul
    Paris Hilton

    ElReg misunderstood

    I RTFA instead of relying on ElReg's interpretation...

    the crackers seems to have done two things

    the first was simply interecept an unencrypted wireless telephone conversation, not particularly hard with a digital receiver on the right frequency with the right codec

    the second was a classic man-in-the-middle attack. basically they created a fake dect "access point" (i.e. a telephone base station) which didn't do encryption or strong authentication, and relied on the handsets to not report this, so that when a call was made they could simply intercept the audio stream.

    in both cases, it relies on the designer of the handset and base staton having been lazy - either not actually doing any encryption at all, or being careless with authentication! snag is with any consumer electronics, it's all proprietary stuff with no technical documentation, so we're unlikely to find out until it's too late whether our phones are vulnerable or not.

    What I want to know is which makers have cut corners. I suspect we'll only know when their hands are forced by hackers publishing a list. I have a Siemens S685IP, and Siemens do occasionally release firmware updates for it since it has an internet connection; I would hope that if it is vulnerable, it will be fixable and fixed - quite possibly the DECT part will rely on an ASIC whose algorithms are burned into to mask ROM and cannot be changed :-(

    It's pretty much like the car whisperer hack which allows you to take over someone's bluetooth headset!

    Paris - because even she knows that telephones are not secure

  7. Anonymous Coward
    IT Angle

    Maybe a job for

    quantum encryption?

    (With auto adjust)

  8. Anonymous Coward
    Black Helicopters

    From now on....

    ...all private phone calls in the UK must be routed via the Parliament switch-board. This will make it easier for your benefactors to keep tabs on you and also help us in our bid to stamp out cyber-crime (look out for the kids et al).

    Please keep all phone calls to 3 minutes or less. Please book ALL calls 3 weeks in advance by ringing the Parliament switch-board, err oops!

    Please, no emergencies outside normal business hours (10am to 3pm - including lunch from 12 to 2)

  9. Winkypop Silver badge
    Black Helicopters

    Question

    If I revert back to calls using 2 empty jam tin cans and a length of string, and the tins/string is made in China, will I be safe from the Chinese hackorz?

  10. Christian Berger

    We should move on

    OK, DECT is still the best dedicated wireless phone standard availiable. Unlike GSM there is no way to intercept calls remotely, as from the base-station on you can use decent encryption.

    The next step might be to do an ultra-simple IPv6 based voice standard. Essentially you would dial the IP-number of the other station. The whole communication goes over a protocoll which adds redundancy to UDP, so you can reconstruct the information of missing packets. Signalling should also be done in such packets. And everything would be strongly encrypted end to end.

  11. Anonymous Coward
    Happy

    @Christian

    great answer, but totally flawed

    1. UDP is not designed for redundancy, that's the job of TCP. And in voice, it's too slow. If you are on about multiple streams, then latency & reassembly would be a nightmare and make the point of using UDP (fast, low latency , low bandwidth commincation) pointless.

    2. "Essentially you would dial the IP-number of the other station". So you like to dial 0123456789@2001:db8:85a3:0:0:8a2e:370:7334? Catchy. If you mean something like fred@home.com then that's what SIP does for you. e.g SIP:fred@home.com or sip:0123456789@192.168.1.5

    3. The whole point of the article is that they are able to intercept the calls!

    Part from that, spot on.

  12. This post has been deleted by its author

  13. Jeff

    @Weak AC - Asterisk/Asterix

    Picking up on your comment. Where in the article does it mention Asterix?

This topic is closed for new posts.

Other stories you might like