In association with heise online

05 May 2010, 13:17

Worth Reading: DECT cryptanalysis and counter attacks on malware

As already announced at the 26C3 congress, Karsten Nohl, Erik Tews and Ralf-Philipp Weinmann have released details of their cryptanalysis of the proprietary and secret encryption algorithm used with DECT (DECT Standard Cipher, DSC), an encryption scheme commonly used with cordless phones. The analysis was carried out by reverse engineering DECT hardware and drawing on descriptions from a patent document.

In their paper titled "Cryptanalysis of the DECT Standard Cipher", the authors describe the analysis and reconstruction of the algorithm, as well as practical ways of calculating the key from recorded key streams within a few hours. A C language implementation of the DSC completes the document.

Reverse engineer Andrzej Dereszowski closely analysed the malware installed via a PDF document on a customer's system, searching for specific security holes. He found that the freely available Poison Ivy "remote administration tool" had been installed to access infected systems.

When analysing the associated Command & Control software, Dereszowski found a buffer overflow that could be exploited to inject and execute arbitrary backdoor code. While this discovery could in principle be used for counter attacks, it remains an open question whether such attacks would really hit the right target.

