DECT Encryption Analyzed & Cracked

A group in Germany have successfully analyzed and cracked the encryption used in DECT cordless systems using relatively trivial hardware. They’ve published an article (in German) and presented at this weeks Chaos Communications Congress (25C3).

From the description of their presentation:

Digital Enhanced Cordless Telecommunications (DECT) is a synonm for cordless phones today. Although DECT can be found nearly everywhere, only little is known about the security of DECT. Most parts of the DECT standard are public, but all cryptographic algorithms used in DECT (authentication and encryption) are secret and not known to the public.

We will show you the following:

  • An introduction into the DECT protocol.
  • An introduction to the DECT authentication and key management functions.
  • An introduction into the DECT low level communication.
  • A detailed security analysis of the protocol.

The presenters are members of a group called dedected.org. A PDF of their 25C3 presentation (in English) is available here.

Note that the groups web site is hosted in a trac SCM system and itself has a faulty security certificate.