Jan 24, 2009

DECT Monitoring Update

As you’ll see from our last post, DECT is now completely insecure. Over the last two weeks I’ve been doing some more research, and it seems that around 50% of DECT phones transmit without using the optional encryption.

This means that someone with just a laptop, a Com-On-Air wireless DECT PCMCIA card & Ubuntu Linux can now monitor all those conversations you have. Imagine how much information you could be providing for identity thieves!

If you use telephone banking or use your credit card to pay for goods over the phone, then you really should go back to using a regular wired home phone for these calls at least (or just use your proper mobile, as these are still secure).

If you’re fortunate enough to own a DECT phone that does encrypt (list), you are still at some risk. The reason: the data stream passing between your phone & base station can still be recorded, but at this moment it can’t be turned into a conversation. Once more malicious hackers start to understand the current software, brute-force attacks on the encrypted calls will eventually appear, and when they do your old calls could be dusted off & decrypted.

Worryingly, it seems that DECT is used for controlling traffic lights & some wireless credit card terminals, so these will likely become targets too.

This hack originated in Germany, and their equivalent of the BBC’s Panorama has already done a piece on it. The equivalent of the UK’s OFCOM has already issued advice to Germans that they should stop telephone banking & giving out credit card numbers over cordless DECT phones.

The equipment still takes a fair bit of computer knowledge to get working, and the PCMCIA cards are only available in limited numbers, so it might not become an epidemic-level problem. The Dosch & Amand Com-On-Air type II PCMCIA cards which were selling for €40 two weeks ago are now changing hands for €200+ on eBay!

Frontal21 (like BBC’s Panorama in the UK) website piece.

Video of Frontal21 episode

If you want to experiment you can buy a DECT card for your PC from www.ebay.de (that’s the German eBay). Look for vendor arc-computer2 & you could pick up a type III PCMCIA or PCI card for around €25 – you should pay €10 for UK carriage if in doubt.

Both the PCI card and type III PCMCIA card aren’t yet supported in the dect_cli software, but they soon will be. Once supported they’ll rocket in value like the type II cards already have – as these items are no longer manufactured & stock of the product is limited.

Here’s a recent screengrab from eBay.de – notice the joker selling a signed-by-the-hackers type II card for €2500.

Siemens Gigaset DECT Security – Read the press release.

Written by owner in: DECT, General
Jan 07, 2009

DECT Hacked – Eavesdropping Now Possible!

Looking through the Security News on TheRegister.co.uk this evening I was surprised to see a report that DECT has now been hacked.

If you didn’t know already, DECT is the technology used by the current generation of cordless home phones & baby monitors. So now, not only is it probably bad for you, it’s also insecure!

The researchers reverse-engineered a standard Com-On-Air PCMCIA DECT card – which is normally used in a Windows laptop to bridge/link DECT phones to Asterisk VoIP/SIP networks – and demonstrated their Linux-based sniffer at the 25C3 hacker congress.

The PCMCIA Class II card costs just €40 from www.arc-computer.de (in Germany, you can buy one via their eBay shop). You will need a PC running Linux to do anything useful with it, and really it’s just a proof-of-concept tool right now. But watch this space.

Read more about it:

http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html

http://www.theregister.co.uk/2008/12/31/dect_hack/

https://dedected.org/cgi-bin/trac.cgi
