CCC Hackers Break DECT Telephones' Security

timothy posted more than 5 years ago | from the distibuting-dialtone dept.

Communications 116

Sub Zero 992 writes "Heise Security (article in German) is reporting that at this year's Chaos Communications Congress (25C3) researchers in Europe's dedected.org group have published an article (PDF) showing, using a PC-Card costing only EUR 23, how to eavesdrop on DECT transmissions. There are hundreds of millions of terminals, ranging from telephones, to electronic payment terminals, to door openers, using the DECT standard." So far, the Heise article's German only, but I suspect it will show up soon in English translation. Update: 12/30 21:27 GMT by T : Reader Juha-Matti Laurio writes with the story in English. Thanks!

Ok, somebody has to. (5, Funny)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26267159)

All your base station are belong to us.

Re:Ok, somebody has to. (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26267547)

God, that joke sucked. Fuck you.

Re:Ok, somebody has to. (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26267597)

I don't talk on the phone, but here is my story:

I went a brown rope this morning the size of a small black child. At one point I was not sure whether I a shit, or it was the shit that me. And while I am on this point, what is the deal with a shit? Shouldn't it be out of a shit? I am certainly not the everything with me when I do.

But back to the topic, telephones sucks ass

Re:Ok, somebody has to. (-1, Troll)

orgelspieler (865795) | more than 5 years ago | (#26269487)

Too bad the Germans outlawed grammar Nazis after WWII. They would have been all over this post.

Re:Ok, somebody has to. (1)

neumayr (819083) | more than 5 years ago | (#26270125)

We're outlawed? Damn, must have missed the memo..
Looks like babelfish though.

yep (-1, Offtopic)

zoomshorts (137587) | more than 5 years ago | (#26267169)

Yes!!!

Free speech! (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26267177)

In Soviet America, they wouldn't be allowed to publish this.

Re:Free speech! (1)

cromar (1103585) | more than 5 years ago | (#26267521)

I'm glad Germany seems to have backed down from its anti-hacker legislation. Wasn't it last year we heard they were threatening their security experts and admins with legislation to take away even such benign utilities as password recovery tools?

I was going to say your right to publish such information wouldn't be violated in America, but then I remembered the subway-hack kids and the guy who took a plea bargain [nytimes.com] for distributing Hezbollah satellite feeds in NY...

Re:Free speech! (3, Informative)

nem75 (952737) | more than 5 years ago | (#26268195)

I'm glad Germany seems to have backed down from its anti-hacker legislation. Wasn't it last year we heard they were threatening their security experts and admins with legislation to take away even such benign utilities as password recovery tools?

They are far from backing down. Over here security auditing and related actions are still threatened by excessive copyright protection laws (existing or in the making). As they are in the US by e.g. the DMCA.

Re:Free speech! (1, Informative)

Anonymous Coward | more than 5 years ago | (#26269215)

The German legislature has already passed a very strict bill (Paragraph 202c StGB) in August 2007 and we have since been sourcing out certain penetration tests for our customers to freelance developers in Switzerland and Israel.

IT industry doesn't have a lobby in Germany and legislators behave like in a third world country in this regard. (That really is shit!)

You also might have noticed that many papers that were presented during 25C3 were not signed any more but anonymous submissions. In some oint

So then.... (0)

Anonymous Coward | more than 5 years ago | (#26267185)

What's the most secure method of wireless communication (at least for home use) (besides using a hardline)?

Re:So then.... (0)

Anonymous Coward | more than 5 years ago | (#26267343)

What's the most secure method of wireless communication (at least for home use) (besides using a hardline)?

Step one is understanding what a hardline is.

Re:So then.... (0, Offtopic)

Hal_Porter (817932) | more than 5 years ago | (#26267451)

There's a good introduction here [amazon.com] .

Shouting in German (1)

Viol8 (599362) | more than 5 years ago | (#26267375)

It seems no one here understands it, so you'll be safe from eavesdropping slashdotters anyway!

Re:Shouting in German (5, Funny)

Opportunist (166417) | more than 5 years ago | (#26267433)

Es gibt Personen die Deutsch verstehen, Du unsensitiver Klumpen! (There are people who understand German, you insensitive clod!)

Germans are people too!

Re:Shouting in German (0)

Anonymous Coward | more than 5 years ago | (#26267703)

Du unsensitiver Klumpen!

... das heißt unsensibler Klumpen, Du unsensibles Stück Holz (... the word is "unsensibler Klumpen", you insensitive piece of wood)

Re:Shouting in German (2, Funny)

PearsSoap (1384741) | more than 5 years ago | (#26267705)

Mod parent herauf. (Mod parent up.)

Re:Shouting in German (5, Funny)

JJJK (1029630) | more than 5 years ago | (#26267719)

Deutsche Schraegstrichpunkter fuer den Gewinn! (German Slashdotters for the win!)

Re:Shouting in German (1)

Briareos (21163) | more than 5 years ago | (#26267805)

Wär' schön, spielt's aber net... (Would be nice, but it's not happening...) [slashdot.de]

np: Marilies Jagsch - Daydream (Obituary For A Lost Mind)

Re:Shouting in German (1)

Opportunist (166417) | more than 5 years ago | (#26268337)

Oddly enough, http://schraegstrichpunkt.de/ [schraegstrichpunkt.de] exists. Its tagline even reflects that its maker knows what /. is.

Looks like it's a blog of some sort, though. Nothing worth clicking at, just wanted to note that it exists.

Re:Shouting in German (1)

Nathrael (1251426) | more than 5 years ago | (#26272767)

Yeah, it's a blog created by someone who's obviously someone who knows /.. The title "Neues für Nerze - Stoff für Mettwurst" is a little play on "News for nerds - stuff that matters".

Re:Shouting in German (1)

Nathrael (1251426) | more than 5 years ago | (#26272785)

Ãf¼ = ue (too bad, Slashdot can't display umlauts)

Re:Shouting in German (1)

Mozk (844858) | more than 5 years ago | (#26273875)

&uuml; = ü

Slashdot accepts at least some character entity references [wikipedia.org] in that form. Really they just need to get with the damn times (i.e. the last decade) and support Unicode.

Re:Shouting in German (0)

Anonymous Coward | more than 5 years ago | (#26268403)

Actually, the correct translation would be "Du unsensibler Klumpen".

Re:Shouting in German (1)

houghi (78078) | more than 5 years ago | (#26268571)

Spelling nazi!

Re:Shouting in German (0)

Anonymous Coward | more than 5 years ago | (#26272083)

No, he is actually a translation nazi.

Re:Shouting in German (0)

Anonymous Coward | more than 5 years ago | (#26273369)

Nazi Nazi!

Re:So then.... (1)

jeepien (848819) | more than 5 years ago | (#26268669)

What's the most secure method of wireless communication (at least for home use) (besides using a hardline)?

None. The "hardline" is the most secure method of wireless communication. No, wait...

Re:So then.... (2, Interesting)

tehcyder (746570) | more than 5 years ago | (#26268917)

What's the most secure method of wireless communication (at least for home use) (besides using a hardline)?

Chinese whispers.

Hey Faggots (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26267189)

My name is John, and I hate every single one of you. All of you are fat, retarded, no-lifes who spend every second of their day looking at stupid ass pictures. You are everything bad in the world. Honestly, have any of you ever gotten any pussy? I mean, I guess it's fun making fun of people because of your own insecurities, but you all take to a whole new level. This is even worse than jerking off to pictures on facebook.

Don't be a stranger. Just hit me with your best shot. I'm pretty much perfect. I was captain of the football team, and starter on my basketball team. What sports do you play, other than "jack off to naked drawn japanese people"? I also get straight A's, and have a banging hot girlfriend (She just blew me; Shit was SO cash). You are all faggots who should just kill yourselves. Thanks for listening.

Re:Hey Faggots (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26267391)

Why would someone who considers us insignificant hate us?</justSaying>

Failbait.

Re:Hey Faggots (1)

vvk (95314) | more than 5 years ago | (#26267575)

So this is what we would hear if we listened to your DECT calls?

Re:Hey Faggots (0)

Anonymous Coward | more than 5 years ago | (#26268339)

This copypasta just isn't the same without the actual picture of the orange-tanned guido and his coked up girlfriend next to it.

Re:Hey Faggots (0)

Anonymous Coward | more than 5 years ago | (#26268685)

You know you've lurked long enough that you see it immediately when you read the first line anyway.

Re:Hey Faggots (0)

Anonymous Coward | more than 5 years ago | (#26268973)

Don't be a stranger. Just hit me with your best shot. I'm pretty much perfect. I was captain of the football team, and starter on my basketball team.

And yet, when faced with a simple problem, like for example 9 + 3, your head starts to hurt, and smoke comes out of your ears.

It's normal for stupid people to hate those that are smarter than them, but you should really be grateful that there are people who do not consider sports and chicks to be the sole meaning of life.

Without us, where would your precious TV be? Where would the machines that build your sports stadium be? Where would your car be? The truth is, without us you'd still be sitting in the forest, banging two sticks together, trying to make fire.

Now shoo, go play with your balls, grown ups are talking.

I had no idea (4, Interesting)

Ender_Stonebender (60900) | more than 5 years ago | (#26267233)

Wow. I had no idea that people were using DECT phones to process payment cards*, but a brief Google search turned one up. I guess I've always made the assumption that there is no way to validate the security of wireless connections, so they should always be considered insecure. Do I just have a paranoid mind, or do other geeks think like that too?

* "Payment cards" includes credit, debit, gift card, etc.

Re:I had no idea (2, Funny)

Yvanhoe (564877) | more than 5 years ago | (#26267313)

I am doubtful that payment terminals use only DECT's encryption to transfer confidential data. They probably add their own layer. Don't they?

Re:I had no idea (5, Interesting)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26267367)

In a world not ruled by morons and legacy equipment, I imagine that the DECT link would just be carrying a nice SSL session, and it wouldn't much matter.

However, I submit the following [applied-math.org] (PDF warning) as evidence that we do not live in such a world, indeed, there is some reason to suspect the exact opposite.

Re:I had no idea (0)

Anonymous Coward | more than 5 years ago | (#26267833)

In a world not ruled by morons and legacy equipment, I imagine that the DECT link would just be carrying a nice SSL session, and it wouldn't much matter.

As it was in the past [slashdot.org] , so it is today.

I'll bet that optical hack for CRTs (but not flat panels) was in one of the redacted sections. I wonder if the DECT crack was in there too, or if it's in (or will be in, since I don't even need to know if it's been written yet :-) Vol. 3?

I also wonder if anyone's gotten very far with the puzzle on the last page.

Re:I had no idea (1)

Hognoxious (631665) | more than 5 years ago | (#26268945)

They probably add their own layer. Don't they ?

Shall I let go the tumbleweed and start the wind machine now?

Re:I had no idea (4, Informative)

Chep (25806) | more than 5 years ago | (#26267325)

those terminals are here *everywhere* (France). Drive up to McD's, order stuff, you get handed the terminal, put your card in, punch your PIN, there you are.

Nowadays those terminals tend to get upgraded to GPRS/EDGE though, but DECT units are still quite popular. Not for that long I guess.

Although, snake oil wireless security is not much of a worry, if there is another layer of end-to-end crypto between the terminal and the billing&processing authority! I wouldn't bet too much on this though...

(on the other hand, even CCC-cracked DECT is still not too bad... was appalled to see coupla weeks ago in Geneva, they still print the whole card number and time on receipt slips... OOPS!)

Re:I had no idea (1)

PolygamousRanchKid (1290638) | more than 5 years ago | (#26267473)

I have seen these things a lot in restaurants in France, Italy, Spain and Portugal.

I can't recall ever seeing one in Germany. They usually just take your card, and return it with the receipt.

Now, if that is any securer?

Re:I had no idea (1)

jank1887 (815982) | more than 5 years ago | (#26267531)

at least there you know it's always just the waiter who walks away with your credit card info, and not someone snooping through your trash.

Re:I had no idea (1)

Hurricane78 (562437) | more than 5 years ago | (#26268527)

And if they are the same person?

You know, the poor guy who barely has enough money to live because the only job he can get is as a waiter.
If he manages to clone the data, and get some money to another account (perhaps with the help of a friend).

Besides: I wonder why credit cards are in use at all. They are obviously the worst security concept in history (until Windows 95's user login, circumvented by pressing ESC).

Re:I had no idea (1)

LandDolphin (1202876) | more than 5 years ago | (#26270449)

You know, the poor guy who barely has enough money to live because the only job he can get is as a waiter. If he manages to clone the data, and get some money to another account (perhaps with the help of a friend).

Sounds a little paranoid to me. Plus, if this did happen, you'd call your bank and they would reverse the charges. Better to have someone steal your bank card than your checkbook.

Re:I had no idea (1)

MightyYar (622222) | more than 5 years ago | (#26267807)

Now, if that is any securer?

That's a very good point. In all of the electronic transactions that my wife and I have ever made, we've never had our card swiped. Yet, a cashier once swiped her number at a brick-and-mortar store and used it to buy gas and have a pizza delivered, among other things.

Re:I had no idea (2, Insightful)

jonbryce (703250) | more than 5 years ago | (#26267819)

No, because while they are swiping it, they can also take a clone copy of the card to sell to criminals. At least that's what happens in Britain, and for that reason we are advised not to let our cards be taken out of sight.

Don't you have chip & pin yet? France has had it for about 15 years now, and Britain has had it for a few years.

Re:I had no idea (2, Informative)

KillerBob (217953) | more than 5 years ago | (#26267975)

Don't you have chip & pin yet? France has had it for about 15 years now, and Britain has had it for a few years.

It's been around in Canada for about a year... my last Visa card, which expired in November, didn't have it. My current Visa card does. My current Mastercard, which was issued in December 2007, doesn't have one.

I still sign receipts "Check ID". But I've only ever been asked once.

Re:I had no idea (1)

NeoSkandranon (515696) | more than 5 years ago | (#26268117)

*opens can of worms* That's because they can get in trouble with Visa if they demand ID. And it annoys customers besides.

Re:I had no idea (3, Informative)

sangreal66 (740295) | more than 5 years ago | (#26268489)

They can also get in trouble for accepting a card that reads "Check ID" instead of a valid signature. The merchant agreement stipulates that in these cases the cashier must check ID and have the customer sign the card in their presence. If the customer won't agree to this, the transaction should be refused. The link below is to a picture of the relative portion of Visa's acceptance criteria: http://i41.tinypic.com/v2vb49.gif [tinypic.com]

Re:I had no idea (2, Interesting)

KillerBob (217953) | more than 5 years ago | (#26268657)

Interesting reading. My card is signed with my real signature, which matches the one on my passport (which I carry when overseas) and my drivers' license. It's the receipt which I sign as "Check ID". I haven't yet called Visa on them, but I'm tempted to after reading that agreement. If nothing else, it means that they aren't actually checking the signature against the card.

Re:I had no idea (1)

MadnessASAP (1052274) | more than 5 years ago | (#26268871)

1. Get 60" TV at BestBuy
2. Proceed to Checkout
3. Pay with Visa
4. Sign a bogus name
5. Profit!!

Re:I had no idea (1)

NeoSkandranon (515696) | more than 5 years ago | (#26269015)

Interesting; I wasn't aware of the extra process involved in the case of a card signed like that.

Re:I had no idea (1)

owlstead (636356) | more than 5 years ago | (#26269513)

Chip & PIN? Doesn't matter much, unless they make it mandatory *or* if you can disable other ways of using your credit card. I've just looked it up for the Netherlands: everybody uses swipe & PIN over here. Not so safe, but better than just handing over the card and "signing" (or drawing a nice puppet, hence the quotes) a bill. Of course, this doesn't matter much because you can STILL use the card in other places in Europe without using the swipe.

As long as you can use your credit card without supplying the PIN, the PIN is more or less useless. The only limit is that the abuser cannot go to shops where they use chip & PIN. Gosh, that 'll stop 'm!

Re:I had no idea (1)

hughk (248126) | more than 5 years ago | (#26271173)

In Germany, there are a lot of bars & restaurants that don't take credit or debit cards. Two reasons, first the card processing companies take up to 6% and second, they prefer cash.

Re:I had no idea (1)

hughk (248126) | more than 5 years ago | (#26271323)

In Germany, most bars and restaurants don't take credit or debit cards because processing is too expensive (up to 6%) and they prefer cash anyway. Many bars and restaurants work in a grey area as far as tax is concerned.

Re:I had no idea (2, Interesting)

owlstead (636356) | more than 5 years ago | (#26269447)

"Nowadays those terminals tend to get upgraded to GPRS/EDGE though, but DECT units are still quite popular. Not for that long I guess."

Oh, yes, now I do feel so much safer. Trust me if I say that at least in the GSM world, security is rather haphazard. There have been many issues, including broken SIMs etc. etc. If I take a look at the specs, I don't feel safe against eavesdropping *at all*. I don't know if GPRS is any better, but my guess is that it is not.

Anyway, even if it is safe, the chances of listening in *after* the stream has been decoded are very high. There is *no* end to end security when using these technologies. For that reason, e.g. the government will never break in using the wireless network because it is much easier to break in elsewhere. Of course, chances of doing this anonymously are much lower than a direct attack on the wireless protocols.

Basically, if you are using things like payment over any wireless network, I agree with you that the implementers must put security at the application level, using end-to-end security. Otherwise the protocol is broken by default. Does anyone here trust that all these wireless access points have been updated to the latest firmware? Because I don't.

Note: I'm agreeing with the parent here, just deepening the discussion a bit.

Re:I had no idea (0)

Anonymous Coward | more than 5 years ago | (#26269781)

They should at least update them to UMTS/3G, because GSM security is practically toast. The groundwork has been done and it is only a matter of time until a hacker with a budget of a few thousand bucks can listen in on GSM connections.

Re:I had no idea (3, Insightful)

uffe_nordholm (1187961) | more than 5 years ago | (#26267331)

Unfortunately I don't think it is the geeks thinking like you do who are the problem. I think the problem is the managers who make decisions based on what can be sold to the public, as long as the public doesn't find out some small dark secret...

As for me, I consider wireless communication insecure, but I don't always bother about it. It boils down to a balance of potential damage and cost (not only money but also time/impracticality...) of securing the communication.

Re:I had no idea (1)

CaptainZapp (182233) | more than 5 years ago | (#26268743)

I think the problem is the managers who make decisions based on what can be sold to the public, as long as the public doesn't find out some small dark secret...

Diebo^H^H^H^H^H, er!, Premier Solutions anyone, cough, cough ?

Re:I had no idea (0)

Anonymous Coward | more than 5 years ago | (#26274293)

WEP is insecure. WPA is secure with a good enough password (and a tiny bit of luck)

Re:I had no idea (1)

daem0n1x (748565) | more than 5 years ago | (#26267351)

Payment cards with a chip use complicated standards to communicate (EMV [wikipedia.org] ). Everything is done encrypted so, even if they can take a peek at a conversation, they still have to break the card security mechanisms.

Re:I had no idea (2, Interesting)

gzunk (242371) | more than 5 years ago | (#26268329)

Not necessarily, there are two modes that you can use the EMV cards in. Plaintext offline PIN, and Encrypted offline PIN. In plaintext offline PIN the card reader presents the PIN to the card in plaintext.

Guess which mode most of the UK cards use, Go on, Guess. (Hint: it's not encrypted.)

Re:I had no idea (1)

halcyon1234 (834388) | more than 5 years ago | (#26268439)

EMV is a good step in the right direction, but still has its flaws. The biggest flaw is, of course, systems that don't use the chip. "The door is locked but I was never given a key". "Oh, come on in".

The second is just a subset of the first: More chip-n-pin systems, if they detect a damaged chip, will default to the standard swipe method. This is because a small number of chips will be damaged-- magnets, static shock, wear and tear, etc. If they don't flip to the swipe method, the customer is SOL at the POS. So if you want to use a stolen chip'n'pin card, just damage the chip.

The third is a bit more esoteric but doable. If you control a POS handset, you can reroute its functionality to a wireless card, which goes to a computer, which goes to an accomplice at a merchant's POS with a fake card that is actually receiving the communications from your fake POS. If you time it right, this is what happens:

  1. Alice puts her EMV card into your fake terminal to pay for, say, lunch
  2. Bob puts his fake card into the terminal at Worst Buy, ready to pay for a plasma TV
  3. Worst Buy sends a "please authenticate and authorize" request to the fake card
  4. The fake card relays that information to your fake terminal at the restaurant
  5. Alice gets a message saying "Enter your pin and authorize your $5.99 salad"
  6. Alice authenticates, and her chip signs the transaction
  7. Your fake terminal sends the signed and sealed transaction back to Bob's fake card
  8. Bob's plasma TV purchase is now authorized. And it was all done with a secure chip

Now, the REAL threat is actually liability. In the UK, a PIN is considered to be enough of a security device that if it is compromised, it is because the PIN holder didn't do due diligence. Thus, the card holder is responsible for the loss, not the card issuer. Banks have gotten off the hook, even in the face of massive fraud, because of the PIN. Now UK credit card companies can do the same-- even if it was because someone stole a card, took it to Germany where the chip system isn't in place, and bought 50,000 EU of bratwurst.

Fortunately for those in North America, credit card transactions are always the responsibility of the card issuer (or merchant), and not the consumer. The terms of service have been updated to reinforce that. But, IMHO, that is "for now", and we'll see what happens once everyone is irrevocably switched over to the chip and pin cards.

Reference, and a really good read: Chip and Spin [chipandspin.co.uk] . Includes a great whitepaper on how the whole EMV authentication system works.
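
Added example, not part of the comment above and not code from any EMV implementation: a toy Python model of the message flow in steps 1 to 8, with an HMAC standing in for the chip's signature. All class names, keys, merchants and amounts are constructed; it shows that the issuer's check passes because the chip signs the request it is handed rather than the one on the display, and that reconciling authorisations against the cardholder's receipts surfaces the mismatch.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthRequest:
    """What a terminal asks the chip to authorise (fields are illustrative)."""
    merchant: str
    amount_cents: int
    nonce: bytes  # the terminal's unpredictable number

    def encode(self) -> bytes:
        # Length-prefix the merchant name so field boundaries are unambiguous.
        name = self.merchant.encode()
        return b"%d:%s|%d|%s" % (
            len(name), name, self.amount_cents, self.nonce.hex().encode())


class Card:
    """Chip model: checks the PIN, then MACs whatever request it is handed."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin

    def authorise(self, request: AuthRequest, pin: str):
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            return None
        return hmac.new(self._key, request.encode(), hashlib.sha256).digest()


class Issuer:
    """Issuer model: shares the card key and logs every request it accepts."""

    def __init__(self, key: bytes):
        self._key = key
        self.authorised = []

    def verify(self, request: AuthRequest, cryptogram: bytes) -> bool:
        expected = hmac.new(self._key, request.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, cryptogram)

    def process(self, request: AuthRequest, cryptogram: bytes) -> bool:
        ok = self.verify(request, cryptogram)
        if ok:
            self.authorised.append(request)
        return ok


def relayed_purchase(card, issuer, displayed, forwarded, pin):
    """The cardholder reads `displayed` and enters the PIN; the chip only ever
    sees `forwarded`. Nothing in the exchange ties the two together, which is
    why `displayed` is never used below."""
    cryptogram = card.authorise(forwarded, pin)
    if cryptogram is None:
        return False, None
    return issuer.process(forwarded, cryptogram), cryptogram


def unmatched_charges(authorised, receipts):
    """Defender's check: authorisations for which the cardholder has no receipt."""
    seen = {(r.merchant, r.amount_cents) for r in receipts}
    return [a for a in authorised if (a.merchant, a.amount_cents) not in seen]


def demo():
    key = bytes(range(32))                      # constructed shared key
    card, issuer = Card(key, "4921"), Issuer(key)
    salad = AuthRequest("Restaurant", 599, b"\x01" * 4)    # what Alice sees
    tv = AuthRequest("Worst Buy", 149900, b"\x02" * 4)     # what the chip signs
    accepted, cryptogram = relayed_purchase(card, issuer, salad, tv, "4921")
    return {
        "accepted": accepted,
        # The cryptogram does not verify for the amount Alice was shown.
        "covers_displayed": issuer.verify(salad, cryptogram),
        "unmatched": unmatched_charges(issuer.authorised, [salad]),
    }


if __name__ == "__main__":
    print(demo())
```

The cryptogram is bound to the forwarded request, so the issuer's log plus the cardholder's receipt is the evidence that the approved amount was never the one displayed.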

Re:I had no idea (1)

Pinky's Brain (1158667) | more than 5 years ago | (#26267369)

I assume there is a second layer of encryption/authentication ... they couldn't be that stupid, right?

Re:I had no idea (3, Insightful)

sxpert (139117) | more than 5 years ago | (#26267405)

hmm. last I checked, bankers didn't really care, as long as the people using their services thought their transactions were "secure"

Re:I had no idea (2, Funny)

Opportunist (166417) | more than 5 years ago | (#26267407)

"What do you mean, 'can be hacked'? There's a law against it, right? It's illegal, right? See, it can't be hacked!"

Re:I had no idea (5, Interesting)

deroby (568773) | more than 5 years ago | (#26267427)

Personally I find it scary that people consider 'wired' communications to be 'secure' by default.

AFAIK most wireless protocols have at least some kind of 'security' and 'encryption' in their design. Granted that quite a few of these have been shown to be "incomplete", but at least there's an effort. Wired stuff on the other hand seems to be optimized for speed (and stability) only, but nobody really cares about security. When someone finds that they can eavesdrop on a wireless keyboard from an unobscured distance of say 5ft, hell breaks loose. But by my recollection there's been 'keyboardloggers' for ages, both in hardware (a "part" you had to put between the computer and the keyboard, something not quite unfeasible when you can get up to 5ft anyway) and software. (**)

Clearly, wireless is much harder to control (it simply goes through the wall to the house next door), but wired isn't all that "unbreakable" either.
Imho, security would best be handled using software, that way at least it's easier to "upgrade" when a fault in the protocol is found. I doubt we're going to see everyone throw out their DECT phone or whatever anytime soon... Maybe they'll be able to eavesdrop on phone-conversations, and maybe they'll even manage to see what's going up & down when a payment transaction is going on, but I think (HOPE!) the latter will have at least some kind of protection in there to avoid the packets to be tampered with ...

(**: Frankly, I think the latter is much more widespread than most any of us think since it's so damn easy to create, but that could be me being paranoid)

Re:I had no idea (1)

madman101 (571954) | more than 5 years ago | (#26267591)

As I get the article, the DECT system has pretty good security. The problem is, it can be disabled almost on request! It's pretty easy to attack sloppy implementations of any security system, no matter how secure. I may be wrong, the version I read was pretty mangled...

The difference is simple (2, Insightful)

aepervius (535155) | more than 5 years ago | (#26267771)

Wired implies physical access, possibly leaving a trace either in software or in hardware. If you leave a trace you are therefore detectable and vulnerable to being caught yourself. Wireless on the other hand is another worm. You can read the comms without anyone knowing you ever accessed it. And even if it is only from 5ft away, you can hide the material and it will not be visible on you, particularly in a public place. Which is why hell breaks loose when any widely publicly used wireless communication is proved to be vulnerable to eavesdropping, whereas comms where you have to physically have access don't do so much.

Re:The difference is simple (2, Interesting)

Alpha830RulZ (939527) | more than 5 years ago | (#26268981)

Wired is only as secure as the door on the phone equipment room, which in my building is shared by several businesses, and is often open as I walk by.

Clipper chip (2, Interesting)

Anonymous Coward | more than 5 years ago | (#26267831)

Personally I find it scary that people consider 'wired' communications to be 'secure' by default.

Back in the '90s there was a big fight in the US about the Clipper chip, [slashdot.org] and forcing every phone in the US to have an encryption chip, with the keys being escrowed and only available via a court order.

While there were many reasons to be against it, I never understood why some people used the argument that the government could always secretly access the encryption keys. Given the fact that all phone calls are in the clear to begin with, adding the Clipper would actually add some security--if not against the government, then at least against someone attaching some alligator clips to your landline.

Your landline is just a bunch of voltage fluctuations, and after the "last / first mile" a bunch of bits--both of which can be tapped very easily. Unless we all start using STU-IIIs [wikipedia.org] it's simply best to assume that you're being tapped. (And even with STU-IIIs you still have to worry about traffic analysis [wikipedia.org] .)

Re:Clipper chip (1)

hughk (248126) | more than 5 years ago | (#26271275)

The issue was that with access to the LEA (Law Enforcement Authority) keys, all your communications were interceptable. Although it was proposed that the LEA key would be partitioned, skeleton keys can always be copied. That is, the LEA key could/would leak.

Re:I had no idea (2, Insightful)

Archangel Michael (180766) | more than 5 years ago | (#26268451)

"Personally I find it scary that people consider 'wired' communications to be 'secure' by default."

No, you misunderstand. Nothing is "secure". It is grades of security. In this case, wired communication is MORE secure than wireless.

Anyone suggesting perfect security is either a fool, selling something, or a liar ... or all three.

Re:I had no idea (1)

cr_nucleus (518205) | more than 5 years ago | (#26271499)

When someone finds that they can eavesdrop on a wireless keyboard from an unobscured distance of say 5ft, hell breaks loose.

Already done, I guess you haven't been reading slashdot well enough:
http://hardware.slashdot.org/article.pl?sid=08/10/20/1248234 [slashdot.org]

It's from 20 meters and through walls.

Re:I had no idea (1)

mseidl (828824) | more than 5 years ago | (#26272653)

Snooping in on wireless is easier, (IMHO) than wired. You can sniff traffic easily if you're on the same hub/switch, but outside of that it gets more difficult.

But, there lies the limit of my wired hacking.

Wireless, can be hacked, and with a crappy can-tenna and a recycled sat dish you can get a really far range on the cheap.

Who cares about payments!?!? (2, Funny)

PolygamousRanchKid (1290638) | more than 5 years ago | (#26267441)

The article said that you could eavesdrop on baby-phones.

Now, this is *really* a case on Slashdot, where we should "Think of the Children!"

Re:I had no idea (0)

Anonymous Coward | more than 5 years ago | (#26267477)

I guess I've always made the assumption that there is no way to validate the security of wireless connections, so they should always be considered insecure. Do I just have a paranoid mind, or do other geeks think like that too?

Not paranoid enough I think.
Any tinfoil hatter worth their Faraday cage knows a wired connection is only as secure as the wire.

Re:I had no idea (1)

arkhan_jg (618674) | more than 5 years ago | (#26268907)

You're not the only one. I'd already assumed DECT encryption had been broken some time ago and that it was already considered insecure, so other strong tunnel encryption should be required for anything sensitive. I'm rather surprised it's taken this long to MitM it.

Re:I had no idea (1)

taniwha (70410) | more than 5 years ago | (#26269461)

My banker here in NZ uses one to call head office to get an OK every time I do a large international transaction ....

Com-On-Air PCMCIA card (0)

Anonymous Coward | more than 5 years ago | (#26267245)

Noticed you might have to hit ebay.de to find them... Not sure if you can get hold of them outside Germany, my ebay-fu is weak today.

Re:Com-On-Air PCMCIA card (1)

kmahan (80459) | more than 5 years ago | (#26270149)

As the previous author mentioned these cards are available on ebay.de but it appears nobody is listing them in the US.

Does anyone know of a source for them (at a reasonable price) in the US?

Dammit! (1)

Quarters (18322) | more than 5 years ago | (#26267321)

My PC Card cost EUR 23.50! It's USELESS!

Google Translation (1)

Quicksilver_Johny (941977) | more than 5 years ago | (#26267329)

Re:Google Translation (0)

Anonymous Coward | more than 5 years ago | (#26267565)

"communication of this kind can be eavesdropped easily"

A very good translator:
http://dict.leo.org/ende?lang=de&lp=ende

Scandal (0)

Anonymous Coward | more than 5 years ago | (#26267515)

The big scandal is that the people who invented the DECT standard knew better then. Many standards have been made intentionally weak in order to (1) reduce production costs and (2) make it easier for law enforcement/intelligence agencies to eavesdrop.

Videos and streams here: (1, Informative)

Anonymous Coward | more than 5 years ago | (#26267535)

http://events.ccc.de/congress/2008/wiki/Streaming

Based on the mangled translation... (4, Informative)

russotto (537200) | more than 5 years ago | (#26267687)

..it appears they haven't broken the cipher, but instead managed to trick the handset and base into not enabling encryption in the first place. I'd guess (without any actual information) that it's an active attack where you intentionally interfere to force a disconnect, then trace the reconnection up to the point where encryption is requested, then fake a packet with encryption not requested (it's TDMA so you know exactly when it is going to come). For cordless phones this is a problem, but for PIN terminals and other dedicated DECT devices, it should in theory be simple to refuse to make certain non-encrypted connections or transmit sensitive data over them. However, in actual practice, nothing involving DECT is simple...
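The refusal described above for PIN terminals and other dedicated devices, sketched as an added example that is not part of the original comments or of any DECT stack. `LinkState`, `may_send` and the session values are hypothetical names and constructed data; the policy fails closed when a base that encrypted at pairing time later signals that it cannot.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LinkState:
    """What the terminal observed during connection setup (hypothetical fields)."""
    base_authenticated: bool     # base proved itself to the terminal
    cipher_active: bool          # link encryption actually switched on
    peer_claims_no_cipher: bool  # peer signalled that it cannot encrypt

def may_send(link, cipher_used_at_pairing, sensitive):
    """Return (allowed, reason). Fails closed: anything unexpected is refused."""
    # A base that encrypted when it was paired and now says it cannot is
    # treated as a downgrade, not as a capability change.
    if cipher_used_at_pairing and (link.peer_claims_no_cipher or not link.cipher_active):
        return False, "downgrade: paired base previously encrypted"
    if not sensitive:
        return True, "non-sensitive traffic"
    if not link.cipher_active:
        return False, "sensitive data needs an encrypted link"
    if not link.base_authenticated:
        return False, "sensitive data needs an authenticated base"
    return True, "encrypted link to authenticated base"

# Constructed sessions, one per situation mentioned in the thread.
SESSIONS = {
    "normal":             LinkState(True, True, False),
    "terminal_auth_only": LinkState(False, True, False),   # base never proved itself
    "auth_no_cipher":     LinkState(True, False, False),   # authenticated, plaintext
    "claims_no_cipher":   LinkState(True, False, True),    # "encryption not supported"
}

def evaluate_all(cipher_used_at_pairing=True, sensitive=True):
    """Map each constructed session to the allow/refuse decision."""
    return {name: may_send(state, cipher_used_at_pairing, sensitive)[0]
            for name, state in SESSIONS.items()}

if __name__ == "__main__":
    for name, state in SESSIONS.items():
        print(f"{name:20s}", may_send(state, True, True))
```

Recording at pairing time whether the base encrypted is what lets the terminal tell a legacy plaintext base from a downgraded one; without that record only the `sensitive` check protects it.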

Article in English (4, Informative)

cheftw (996831) | more than 5 years ago | (#26268007)

With a laptop aufgebohrten [bohren is to drill] card for 23 euros, according to security experts call on the basis of the widely-used standard Digital Enhanced Cordless Telecommunication simply listen.

Who confidential telephone conversations, you should better not be one of the most popular cordless phones on the basis of the standard DECT (Digital Enhanced Cordless Telecommunication) access. As security experts at the 25th Chaos Communication Congress (25C3) in Berlin said, can easily intercept such communications. What is needed is therefore only a aufgebohrte, actually for the Internet telephony imaginary laptop card for 23 euros and a Linux computer. No problems with the interception of long-distance DECT had this device, as very often when an encryption is not activated. But even at the beginning of encrypted information exchange could plug the card base and pretends to disable encryption.

The approval by the European Telecommunications Standards Institute (ETSI) standard DECT procedure is most widely used for cordless telephones. In addition, the standard in Babyfonen, emergency calls and door-opening systems, cordless EC-card or even in traffic management applications. The number of active DECT terminals in this country alone at 30 million. For the authentication of the base and the associated equipment and for the encryption of data using DECT standard crypto methods.

The algorithms are used in the devices and will all be wired to the public are kept secret. The network master key is not used to leave. In theory, see that everything from sound, said Erik Tews, one of the researchers involved the discovery of the TU Darmstadt. The practice, however, as various workarounds and attack surfaces.

After the hackers initially a fairly expensive and high processor performance requirements DECT sniffer had built, they found, according to Andreas fellow students with the ComOnAir card "another beautiful hardware" for the reception of data traffic. After a reverse engineering, the replica of the circuit diagram, the retrieval of Firmware and the Anlöten some additional lines was scarce after a month of looking, for example, from a house in front of a parked car use sniffer been completed.

The inventor was quickly noticed led Tews went on to say that sometimes have no authentication or encryption process between the transmitter station and the handset will be activated. Often authenticate the phone only to the network as the GSM cellular standard, although in principle, DECT also the network to the receiving unit as it could identify. For other devices, is a successful authentication, but without encryption. In all these cases, the PCMCIA card with a special Linux driver active discussions track, extract the data on a storage medium and write an audio player such performance can. It should have been possible, in any conversation in such a poorly secured DECT network recorded.

If the handset is encrypted conversations have had the case not much more difficult, said Tews. Using a modified driver and a script you have the base issue as sniffer and data traffic, thanks to the support VoIP on an Asterisk server, and also redirect you. A breaking of keys had been necessary because when emit a signal that encryption is not supported, to communicate in plain had been converted. "It works on all systems, which we have found here", underlined the Darmstadt researchers vulnerability DECT standard implementations.

Even when encryption system itself was the first hacker sticking points. According Tews succeeded them, a reverse engineering of the central DECT Standard Authentication Algorithm (DSAA) and its four sub-models to implement. A research report on the project site dedected.org finding implementations and source code for the programming languages Java and C will follow soon. Quite the DSAA is broken so far but not yet.

On the well kept secret DECT Standard Cipher (DSC) is in accordance with Ralf-Philipp Weinmann of the research team is also still no effective attack. A patent, which Alcatel in Spain and the United States requested, it would be helpful in detecting possible weaknesses in the code. As a little tough also had the generators for the need to encrypt the random numbers proved so that you can also simulate handsets and can decode encrypted conversations. Not least of Weinmann announced that the Wi-Fi sniffer Kismet in its next version also will support DECT.

[update]
The detour via the Com-On-Air card is the fact, however, not redundant. Also, the software Kismet, which is now scanning DECT networks can be used, requires the Com-On-Air card. DECT and WLAN radio in different frequency ranges, it is customary with Wi-Fi hardware is not possible, they DECT scanning to abuse.

Re:Article in English (1)

cnvogel (3905) | more than 5 years ago | (#26270641)

With a laptop aufgebohrten [bohren is to drill] card for 23 euros

aufgebohrt means pimped. So they used a laptop and an improved version of the DECT card.

Re:Article in English (0)

Anonymous Coward | more than 5 years ago | (#26270775)

Babelfish translations are modded +2 Informative now? The end is nigh.

So... (1)

jellomizer (103300) | more than 5 years ago | (#26268305)

Does this mean we can make fun of the Germans, mock their culture and ideals. Show how backwards they are compared to our culture. Do this while not fully understanding what their culture is or reasons why their method needs to be different than ours.

Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#26268419)

You can also read it in Dutch ;) here [tweakers.net]

But another way is of course English. Full story from researchers right here [dedected.org]

I get a prize now for finding it ;)?

More 25C3 fun from Heise (1)

Lars T. (470328) | more than 5 years ago | (#26268937)

http://www.heise-online.co.uk/security/ [heise-online.co.uk]

25C3: More light shed on "denial of service" vulnerabilities in TCP

25C3: Reliable exploits for Cisco routers

25C3: Cracks in the iPhone security architecture

While we are being paranoid (1)

Sidzilla (710875) | more than 5 years ago | (#26276321)

First question- How many of you use encrypted passwords and secure procedures in your online transactions? Next question- do you have a lock on your mailbox? Most identity theft is done in the physical world through the simple theft of mail.