Title: DECT Standard Cypher (DSC) Encryption Bypass Vulnerability
Severity: HIGH
Description:
Digital Enhanced Cordless Telecommunications (DECT) is a standard for cordless telephones that provides a way to encrypt transmissions between a wireless device and a base station.
The DECT Standard Cypher (DSC) is an algorithm used by DECT to encrypt data. The DSC is prone to a key-recovery attack. Eavesdroppers who can access encrypted messages with known plaintext may exploit this vulnerability to recover encryption keys.
Using consumer-grade computers, researchers have made attacks that can recover keys within approximately two hours, when given access to several hours of cordless phone conversation. Time requirements may vary for different applications of DECT.
Attackers can exploit this issue to overcome the DSC encryption algorithm and then read encrypted data sent from a wireless device to the base station. This may allow attackers to obtain potentially sensitive information; other attacks are also possible.
Affected Products:
- DECT Forum DECT
References:
- DECT Forum: DECT Forum Announces DECT and CAT-iq Security Certification
- DECT Forum: DECT Forum Homepage
- Karsten Nohl, Erik Tews, and Ralf-Philipp Weinmann: Cryptanalysis of the DECT Standard Cipher
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
