Incident of the Week: Patents Help Crack Encryption Used in Cordless Telephones

This week cryptographers Karsten Nohl from University of Virginia and Erik Tews of the Darmstadt University of Technology announced that they had broken the DECT encryption standard.  Who cares, you ask?  The Digital Enhanced Cordless Telecommunications or DECT standard is what prevents someone parked outside your house from being able to listen in on telephone conversations you are having on your 1.9 GHz DECT cordless phone.  (So, that’s what that label on the receiver means.)

Nohl told Dan Goodin from The Register that he cracked the code by putting the DECT chip under the electron microscope and then comparing his findings with information disclosed in the published patent(s).  According to Nohl, it might take him 4 hours of monitoring to listen in on a particular telephone call, but only 10 minutes to crack the DECT encrypted credit card transmissions at a restaurant.  Even more worrisome, is Nohl’s expectation that better hackers are likely to be able to decode these transmissions even more quickly.  “We expect that some smarter cryptographers than ourselves will find better attacks, of course. . . We found the algorithm and then implemented the first attack. It’s almost guaranteed that this is not the best attack.”

Leave a Reply

Your email address will not be published. Required fields are marked *