Earlier today the DECT Forum issued a press release in response to news from last month's Chaos Communication Congress (25C3) that the DECT encryption has been cracked. Their press release (PDF) is about what you’d expect. It merely asserts their willingness to work with researchers to develop new and better security provisions as part of the CAT-iQ standard that replaces DECT.
I would hope that they would not only develop a better standard, but also ensure that the encryption provisions are in fact implemented by manufacturers. To my mind the most frightful part of the DeDECTed group's work was finding that some DECT implementations were not encrypted at all. Further, there was essentially no way for a non-technical user to know if the DECT system that they were buying was encrypted or not.
A group in Germany have successfully analyzed and cracked the encryption used in DECT cordless systems using relatively trivial hardware. They’ve published an article (in German) and presented at this week's Chaos Communication Congress (25C3).
From the description of their presentation:
Digital Enhanced Cordless Telecommunications (DECT) is a synonym for cordless phones today. Although DECT can be found nearly everywhere, only little is known about the security of DECT. Most parts of the DECT standard are public, but all cryptographic algorithms used in DECT (authentication and encryption) are secret and not known to the public.
We will show you the following:
An introduction into the DECT protocol.
An introduction to the DECT authentication and key management functions.
An introduction into the DECT low level communication.
A detailed security analysis of the protocol.
The presenters are members of a group called dedected.org. A PDF of their 25C3 presentation (in English) is available here.
Note that the group's web site is hosted in a Trac SCM system and itself has a faulty security certificate.