25C3: Serious Security Vulnerabilities in DECT Wireless Telephony

By JDavis | 1/12/09 2:03 PM

Security experts at the 25th Chaos Communication Congress (25C3) in Berlin explain how easy it is to eavesdrop on calls using telephones based on DECT (Digital Enhanced Cordless Telecommunication), the world’s most popular wireless telephony protocol.

According to researchers, all that's required is a souped-up ($30) VoIP laptop card and a Linux computer.

The algorithms used are hard wired into the devices and are not publicly disclosed. The keys used do not leave the originating network. As Erik Tews, one of the researchers from the Technical University of Darmstadt, involved in the discovery explained, in theory this all seems perfectly sound. In practice, however, there are various ways of getting around this and various attack points.

According to co-researcher Matthias Wenzel, having previously built a very expensive DECT sniffer, which required very high processing power, the team found an alternative hardware set-up for intercepting the data traffic in the form of the ComOnAir PCMCIA card. After just under a month of reverse engineering, reconstruction of the circuit diagram, hunting down the firmware and soldering on a few additional circuits, the goal of creating a sniffer that could be used from a car parked in front of a house, was achieved.

Read full story.

Read More >

Hints from Mocana Engineering

By JDavis | 1/12/09 2:01 PM

Does Mocana support OCSP? Our customers are asking for OCSP, what is it and why is it important?

Read More >

Embedded Technologies On Ice

By JDavis | 12/5/08 1:47 PM

Though physics and electrical engineering are different sciences, the two fields sometimes converge when scientists tackle tricky experiments. Click here for one such example in which embedded technologies are helping researchers control, monitor and gather data at the South Pole, where winter temperatures can reach -80 C.

Read More >
COMMENTS