In addition to the crypto algorithm of the GSM mobile telephony standard, security researchers have also cracked the encryption code for calls from cordless phones that are based on the widely used Digital Enhanced Cordless Telecommunication (DECT) standard. This was announced by members of the deDECTed.org project group at the 26th Chaos Communication Congress (26C3) in Berlin on Tuesday. According to the researchers, the respective key used can be extracted from intercepted data traffic with a reasonable amount of effort. The experts think that such prep work will make the DECT Standard Cipher (DSC) “increasingly easier and faster to crack”.

At last year’s hacker conference, members of deDECTed had already pointed out severe flaws in the implementation of the DECT security features. They had used a modified laptop card and a Linux computer for intercepting DECT phones. When running their tests, the researchers noticed that occasionally no encryption process whatsoever exists between the transmitting base station and the handset. Often, the handset simply authenticates itself at the base station in the same way that is stipulated by the GSM mobile telephony standard. In other devices, the base station did authenticate itself, but without encryption. In all of these cases, the hackers were able to record active conversations in plain text.

At the time, however, the group was unable to successfully simulate an attack on the secret DSC. Now, the researchers have made further progress, which effectively means that phone conversations via DECT devices must be considered insecure even if a vendor has correctly implemented the standard’s prescribed encryption features. According to crypto researcher Karsten Nohl, who has since joined the deDECTed team, one of the reasons for this is that engineers already worked sloppily when implementing the encryption code, reducing the initially planned additional process security measures such as redundant rounds in favour of a faster encryption.

Read more here.