Worth Reading: DECT cryptanalysis and counter attacks on malware
As already announced at the 26C3 congress, Karsten Nohl, Erik Tews and Ralf-Philipp Weinmann have released details of their cryptanalysis of the DECT Standard Cipher (DSC), the proprietary and secret encryption algorithm used with DECT and commonly found in cordless phones. The analysis was carried out by reverse engineering DECT hardware and drawing on descriptions from a patent document.
In their paper titled "Cryptanalysis of the DECT Standard Cipher", the authors describe the analysis and reconstruction of the algorithm, as well as practical ways of calculating the key from recorded key streams within a few hours. A C language implementation of the DSC completes the document.
- Cryptanalysis of the DECT Standard Cipher, a paper by Karsten Nohl, Erik Tews and Ralf-Philipp Weinmann.
Reverse engineer Andrzej Dereszowski closely analysed the malware installed via a PDF document on a customer's system, searching for specific security holes. He found that the freely available Poison Ivy "remote administration tool" had been installed to access infected systems.
When analysing the corresponding command-and-control software, Dereszowski found a buffer overflow that could be exploited to inject and execute arbitrary backdoor code. While this discovery could in principle be used for counter attacks, it remains an open question whether such attacks would really hit the right target.
- Targeted attacks: From being a victim to counter attacking, a paper by Andrzej Dereszowski.