Ramblings about the DECT security issues reported lately

Posted: Wed Apr 22, 2009 8:40 pm
by RDNZL
I have done some real-life testing with the DECT hardware and software mentioned in the reports on Nova and German TV.

Also done some heavy reading about the protocol etc.

I thought that all the fuss was 'only' about the voice part that wasn't encrypted on 50% of all the DECT phones... but it's even worse... even if your phone encrypts the voice channel ok, that doesn't mean that the handshake/c-channel stuff is encrypted/secure too...

This is what I found out so far:

There is a big flaw in the protocol handshake on all DECT sets out there.

The DECT stack of the Fritz!Box 7270 uses a very weak PRNG, making it vulnerable to attacks. This could lead to rerouting your handset calls via another party unencrypted without you even knowing it (worst case). Funny enough, AVM is stating on their site that DECT on their boxes is very secure... hmmm
But it has a handy DECT monitor so you can see if it's encrypting or what the IPUI and the RFPI values are of your handsets.

My KPN Malibu 630 set isn't encrypting at all!
So no telebanking stuff for me anymore; one could easily eavesdrop and grab your security code and numbers dialed.

No DECT door intercom, or DECT based doorkey mechanism for me, ever...

If you want more technical documents/info you can PM me.

Regards,
Ron

Posted: Wed Apr 22, 2009 9:05 pm
by Noel
Very interesting info, and I never thought of the DECT part!
I only have one DECT phone (connected to a receiving-only VoIP line). The only thing they can do is listen to my calls. I guess I need to live with that for now.
