...they are saying that becuase it's not open, it's not secure?
It's taken 20 years to crack it, which in terms of encryption is bloody good !
Cryptographers have broken the proprietary encryption used to prevent eavesdropping on more than 800 million cordless phones worldwide, demonstrating once again the risks of relying on obscure technologies to remain secure. The attack is the first to crack the cipher at the heart of the DECT, or Digital Enhanced Cordless …
...they are saying that becuase it's not open, it's not secure?
It's taken 20 years to crack it, which in terms of encryption is bloody good !
...that when an encryption mechanism isn't open to peer-review, your peer's cannot point out your mistakes. Given how complicated encryption is, its easy to make mistakes. Security by obscurity is never a sensible defence, because if your product/service becomes popular, so will the attacks against it, and if you have screwed up (which humans have a tendency to do), you will be found out.
"Open source" cryptography doesn't necessarily negate the possibility for mistakes, but it increases the likelihood that those mistakes will be identified and corrected quickly, rather than those attack vectors persisting long term because the source-code is held by a vendor and requires them to implement fixes. You only have to compare Microsoft with the Linux community - Critical MS Bugs can take many months to fix and for a patch to be released, Critical Linux bug fixes tend to be turned around in days or weeks.
The real problem starts when managers and marketers get involved, they don't understand it so they automatically ask for it to be obscured, thinking that if you hide encryption it becomes even more secure! They don't understand the basic principles of encryption, they don't seem to understand that it's the algorithms that are more important than the keys.
Peer review IS the answer, it allows the algorithms to be refined correctly.
1. It didn't take the researcher 20 years to do the analysis
2. This is white hat study. How d'ya know a black hat study hasn't discovered this on release of the first handset, following the same standard procedure as the white hat study?
Note for those trying to leglislate that investigating encryption systems is unlawful: if the white hats aren't allowed to show that an encryption scheme is flawed (or publish the shortcomings), then the black hats can take advantage with no-one the wiser. Also, the institutions using the flawed systems lose a major incentive to get it right and can chill anyone suggesting otherwise.
Not to take away from the work the chap has done, but he didn't break the encryption... he reverse-engineered it. There is a rather large difference between the two. Either way, my cordless phone (much like my mobile) seams all that much less comfortable to use.
I think it would be more accurate to say that he reverse engineered the encryption algorithm in order to determine how to break it. Given the proprietary nature of the algorithm, the former was just a necessary step to the latter.
What we're left with is a reliable and fairly computationally simple way to decrypt the DECT protocol. I'd class that as "broken".
Reverse-engineering one DECT phone allows you to replicate that phone only, you have simply read-out its secret key and the algorithm.
In this case he did break the encryption - he demonstrated how the chosen encryption key could be deduced (and in less time than a brute-force search through all possible keys) based on listening to the over-air traffic.
This is possible because of certain weaknesses in the proprietary algorithm, weaknesses that could have been eliminated had the designers published their scheme.
OK, when DECT was formulated, the value of the information they were protecting was very low, and DECT was a huge improvement on the analogue cordless phones.
Even with cordless e-payment terminals, breaking DECT offers no benefits, above and beyond simply tapping the telephone line. Well, OK, its undetectable, but that's it.
I would say they did well to conceal their algorithm, it's kept it all working for 20 years. Even if they had followed best practice and published, an algorithm held to be secure 20 years ago would not be so now.
RSA is still secure 30+ years after its conception, the only thing that makes it "weak" is its dependence on key length. IDEA is also quite old, and is still considered secure. Most of the cracked algorithms are usually the ones that were half-baked, short-sighted and propietary. DECT falls into this category.
All very clever stuff but who gains from this work (other than criminals)?
If the weakeness are addressed and the encryption is improved we all benefit. The criminals on the other hand are worse of.
It's a bit late now though isn't it? My DECT phone can't upgrade itself. If they'd just gone and told the DECT people then they could have brought out a more secure system in the future. Now we're all stuck with phones that criminals know can be hacked. How have I benefited from that?
Now you KNOW that the DECT phone is insecure and that badies could intercept the info. Previously you just hoped that it was secure and that nobody knew how to intercept the info.
Now you know not to transmit credit cards over it or discuss things that you could not bear to have intercepted.
Now you are living in light of the knowledge of the risks you are taking and not in the darkness of ignorance.
Mine can upgrade, whether or not an update will actually be released is something else!
I chat to a friend using a DECT cordless phone. We discussed this and came up with loads of alternatives. Sure, cracking the phone might get you both sides of the conversation, but there's probably enough room in the unit itself for a small FM transmitter. You could bug the room. You could sit outside with a parabolic microphone and listen. Or, forget the handset, the signal is turned into analogue for the phone line. A capacitor, earpiece, and two croc clips will get you both sides of the conversation. It is harder for my line as it is only a few inches long. It goes into my ADSL box where it becomes VoIP. Packet sniffing?
I'm not worried if my DECT handset has been compromised. I have the usual selection of idiotic secrets as the next guy, and none of them are worthy of listening to what I have to say. Likewise some commentards - what do you think you have to hide? Why do you think anybody would be interested?
Let's be honest that while his methods are not exactly a mainstream black hats approach they could have been used by just about any government or major organised crime operation in the last 20 years.
Fail for the companies who *continue* to believe this approach works.
"demonstrating once again the risks of relying on obscure technologies to remain secure"
DECT has remained secure for twenty years, and been in *very* common use for at least 10, and is only just cracked. Computers are now over 1,000 times more powerful than when it was designed.
Compare that to, say, DVD's CSS, and you have to hand it to the designers - they didn't do a bad job at all.
CSS is different in a number of ways:
The data already exists on a computer - therefore anyone with a PC and working CSS image can attempt to break the encryption. Building a rf interceptor to get the data from a DECT stream onto a PC would pose a much greater barrier to start work to break the encryption.
There was also a desire and hence a willingness to try and break CSS as it would provide a real real world benefit (financially as it turned out for DVD Jon) - breaking DECT doesn't really help anyone.
You also have no way of knowing that it hasn't been cracked in the last 20 years - the government agency's with the power and desire to do this would not publish research papers, so for all we know DECT could have been broken 10 years ago. I think this is however unlikely as governments would just get a wire-tap on the line rather than break DECT - therefore it comes down to not bothering to look again.
" I think this is however unlikely as governments would just get a wire-tap on the line rather than break DECT - therefore it comes down to not bothering to look again."
OK now if I have an open broadcast - do I really need to get a wire tap? (INAL!) I suspect that there are loop holes on this subject.
I suspect that the DECT Forum will report that the hack isn't critical so and that there's no reason to fix anything.
This breaks card reader encryption? Yipe.
Is that widely used in the UK currently? Or is it replaced by Chip and PIN, which I gather has a newer encryption standard(?)
The encryption is defective because data is insufficiently random. The encryption is broken inasmuch as apparently you can park a receiver outside a building, scan DECT phone or credit card transactions for at most a few hours of use, and then decode all traffic thereafter.
Mitigation: don't use DECT cordless equipment for sensitive operations.
Hire car operations in particular are already liable simply to have their customers stolen by others.
...credit card data is encrypted by a separate algorithm (the industry standard is a high-bit-count PKI system) which is in turn turned over to the phone. Whether or not the phone then encrypts it further with DECT to send it over to the base station and from there to the landline doesn't mean much. Scanning and decrypting a DECT credit card transaction should amount to the same stuff one would get from a landline tap--a bunch of still-encrypted gobbledygook.
The link between the card reader and the bank is also encrypted so no, they can't get your card details. If this wasn't also encrypted then any unscrupulous merchant/employee could get your details by listening in between the base station and bank.
20 years seems like quite a good run. I'm not sure I'm convinced by the "security through obscurity is always a fallacy" idea. Which is more secure, keeping all your valuables in a security-rated safe on your front doorstop, or keeping them hidden somewhere non-obvious and not advertising the fact you have valuables in the first place? And let's not forget that intercepting communications is illegal. Just as with things like copyright infringement, we shouldn't accept the mindset that just because something is POSSIBLE to do with computers that means it's ACCEPTABLE to do so. If I keep a personal diary in my desk, I don't expect to have to encrypt it with a 2048 bit key for people not to read it.
Please don't confuse what's right and proper to do with the activities of the minority:
"If I keep a personal diary in my desk, I don't expect to have to encrypt it with a 2048 bit key for people not to read it."
Agreed - but I think the world + dog would agree that you'd be (at best) misguided to leave your bank account details in plain view; some things are just too tempting to crooks, Rolf.
Being able to empty your bank or listen-in on your conversations (assume for a moment you're a high-ranking offical at, say, Airbus) is just too tempting to some and we - as an industry - owe it to the masses to ensure that the technology of communication is not the weak link in the chain - no matter how mundane the content might be, it's 'our' job to protect it to the best of our collective ability.
Just 'cos it's wrong doesn't stop it happening, a quick look at the prison stats will confirm that!
Sorry, but this is the real world and the crims don't think like the normal people, you have to find the best encryption you can but still allows you to access your information easily enough, if nothing more than to give yourself peace of mind. You compromise.
It's like the old argument, yes young lady you have the RIGHT to wear next-to-nothing when you go out at night, it's a free country. However, the scum of the earth who walk the streets have taken the PRIVILEGE to allow you dress as you wish, from you. You have to compromise.
That analogy about girls going out dressed in next to nothing put me in mind of another thing my grandfather used to say:
"He was dead right as he drove along, but he was just as dead as if he'd been wrong."
Whilst some say 20 years is good, if they had done it properly it could have been 50 years!!
Whilst Botches work they are not long term solutions.
Security through Obscurity is no security at all.
"The attack is the first to crack the cipher at the heart of the DECT, or Digital Enhanced Cordless Telecommunications, standard, which encrypts radio signals as they travel between cordless phones in homes and businesses and corresponding base stations."
Technically, I think you'll find that the encryption takes place before the signals start their travel through the ether. It's a bit tricky to do it once they've left the phone.
Surely any spook/crook will just tap the line and harvest your conversation unencrypted, rather than have all that rf agro. Any spook with the resources to contemplate DECT interception will also have the resources and/or authority to tap your chat by conventiontional means.
I'm not sure that DECT buys you much in the first place. What does it prevent, exactly ?
Freedom from crosstalk when you have one or more DECT equipped phones going in the same area, without having to mess about changing channels
Wether or not the encryption is good or bad, is more academic than anything else. Most phonecalls are not high value communications, and the range of the typical wireless handset is not that great, typically 300 yards on a good day. Any encryption that stops the neighbours listening to your pizza order on a Friday is good enough to be useful.
As mentioned above the people you really need to worry about will have warrants and access to very good listening equipment
..."Mitigation: don't use DECT cordless equipment for sensitive operations!"
Unless you are a business with a PRI, trust me there are much easier ways to listen in.
Open Street box - easy
Punch down pair into frame - easy.
Locate correct number - easy
Listen in. Easy.
Far, far easier to listen in that way than crack a DECT key.
=> more than 800 million cordless phones worldwide,
=> demonstrating once again the risks of relying on
=> obscure technologies
If 800 million instances - something like 1 for every 6 members of the global population - of a technology counts as "obscure", how many would have to be sold in order to count as "popular"?
On any approved system card data and PIN data will be encrypted at the application layer on the handset. It is naive to believe that any manufacturer would rely solely on the encryption provided by DECT (or any other wireless standard) as a means of protecting data at any stage of communication.
All wires and wired communication should be considered as insecure for financial transactions. It is the sensitivity and nature of the data being communicated which drives the encryption type not the means of communication.
DECT encryption is designed to provide reasonable security for most aural communication. It can be argued that DECT still suffices to prevent someone hacking your baby monitor; or what you are having for dinner; or that one's spouse is on the train.
"It is naive to believe that any manufacturer would rely solely on the encryption provided by DECT (or any other wireless standard) as a means of protecting data at any stage of communication."
Except that before the development and enforcement of the PCI standards, a lot of card systems did just that -- usually because the users didn't know how to enable enhanced encryption options and manufacturers didn't default them.
It is naive to believe that just because a security option is available, users will choose to use it.
It is also naive to believe that manufacturers will set the more secure settings by default.
Your gov may find it easy to wire tap you, a foreign one may well find it easier to listen in to the wireless chit chat.
There is no obscurity about this protocol. DECT phones are made all over the world. Therefore governments all over the world know how it works. It would be naive to believe that spy agencies don't know how to do this already.
20years is a good run for an encryption system, but the problem with consumer standards is that people expect them to last.
Peer review 20years ago might have helped avoiding silly errors, but there could still be the chance of brute force attacks. An encryption system that was pushing the limits of affordable tech 20years ago could easily reach the point of being susceptible to attack now.
Encryption system have an in built obsolescence. Users of encryption need to learn to live with that. Whether it is smart card system, phone systems or DVDs. No system will last.
A foreign government agent is not going to come creeping round my house with a laptop and a vanload of antenna, with all the atttendant risk of discovery. He will just bribe some dude at the phone company to do a tap. Heck he probably has agents at the phone company already.
It hasn't taken 20years to crack the encryption.
It happens to have been 20years before somebody bothered to publish a conference paper on the attack.
We don't know who/when/if somebody has already cracked this.
Since the strength of the encryption relies on the secrecy of the algorithm the easiest way to have broken it isn't to mess about doing electron microscope analysis of the chips - it's to have paid somebody at a 3rd world DECT phone making company $100 to give you the details.
Some people actually reverse-engineer microchips... 0_o
For me 20 years seems good enough... Considering it still needs a fair bit of computational power even now, the attack would hardly have been practical until recently.
If they did not have anything to replace it with WHEN it was found to be insufficient.
Man you software people are beyond the pale, saying '20 years is a good run'
The modern world be a total shambles if 20 years were the expected lifetime of our infrastructure.
Imagine the Hoover Dam collapsing after 20 years and the engineers saying 'hey it was a good run'.
What's the point here?
There are far far easier ways to tap a phone conversation (voice or data) than to faff about with the over-the-air encryption. Many of them have already been mentioned (legitimate/state interception, illegitimate access to the distribution box or whatever they're called are just two). One that hasn't been mentioned, one that might be called the "News of the Screws" attack, just involves bribing telco employees (though YAAC at 16:13 comes close with the idea of bribing the manufacturer).
@Fran Taylor: "you software people are beyond the pale, saying '20 years is a good run'"
You're not from round here are you. Mind you, an OS called VMS is still compatibly doing what it started doing back in 1978, possibly even on some 20+ year old hardware. It's mostly the Window box people that have talked the Board of Directors into thinking that two or three year asset lifetimes (with no visible business benefit from upgrades) make sense.
@Sean O'Connor 1: Your post reminds me somewhat of a comment heard from the Pope when they told him about Galileo's telescope and ideas: "All very clever stuff, but who gains from this work, other than the atheists?"
Do worry about drive-by criminals making a 23-hour phone call to Nigeria from your landline and the phone company insisting that it's your fault and you have to pay.
Maybe check your call history from time to time and unplug the base station when you're not at home.
Someone get this kit to Robin Rimbaud - there's been a paucity of Scanner over the past few years...
Good for them. Time to change the way it's done though; because those shabby methods won't get you 20 years out of the next system.
The grenade is for all those who persist in asking "What have you got to hide?" and "Nobody cares about your boring telephone calls."
The problem with security by obscurity is primarily when the goods secured are not physical. If you hide your money under the bed then you know quite quickly when your security has been breached (if you count it regularly). If you secure information and somebody "steals it", you still have it as well (but its value might be reduced to nothing if the wrong person also knows it). I think that the phrase goes back to Kirchoff who showed that you have the most security if you depend on the smallest possible secret. "Security by Obscurity" is the name now given to making the algorithm part of the key size. Worse, the algorithm is by definition a non-physical secret so someone else might know it (thus reducing the actual key size and the level of security) without you being aware.
And trust that they'll do something about it? As opposed to exposing it and making sure they'll do something about it? Often standards need a shove to get moved on, this is one such shove.