Ramblings about the DECT security issues reported lately

Forum with questions and discussions about security or security devices like Marmitek, Elro Elk (other than Visonic)
RDNZL
Forum Moderator
Posts: 1008
Joined: Sun Sep 24, 2006 1:45 pm
Location: Dordrecht, The Netherlands

Ramblings about the DECT security issues reported lately

Post by RDNZL »

I have done some real-life testing with the DECT hardware and software mentioned in the reports on Nova and German TV.

Also done some heavy reading about the protocol etc.

I thought that all the fuss was 'only' about the voice part that wasn't encrypted on 50% of all the DECT phones... but it's even worse... even if your phone encrypts the voice channel ok, that doesn't mean that the handshake/c-channel stuff is encrypted/secure too...

This is what I found out so far:

There is a big flaw in the protocol handshake on all DECT sets out there.

The DECT stack of the Fritz!Box 7270 uses a very weak PRNG, making it vulnerable to attacks; this could lead to rerouting your handset calls via another party unencrypted without you even knowing it (worst case). Funny enough, AVM is stating on their site that DECT on their boxes is very secure... hmmm
But it has a handy DECT monitor so you can see if it's encrypting or what the IPUI and the RFPI values are of your handsets.

My KPN Malibu 630 set isn't encrypting at all!
So no telebanking stuff for me anymore; one could easily eavesdrop and grab your security code and numbers dialed.

No DECT door intercom, or DECT based doorkey mechanism for me, ever...

If you want more technical documents/info you can PM me.

Regards,
Ron
Noel
Senior Member
Posts: 1887
Joined: Tue Feb 12, 2008 12:13 am
Location: Netherlands

Ramblings about the DECT security issues reported lately

Post by Noel »

Very interesting info, and I never thought of the DECT part!
I only have one DECT phone (connected to a receive-only VoIP line). The only thing they can do is listen to my calls. I guess I need to live with that for now.
