CCC Hackers Break DECT Telephones' Security
Sub Zero 992 writes "Heise Security (article in German) is reporting that at this year's Chaos Communication Congress (25C3) researchers in Europe's dedected.org group have published an article (PDF) showing, using a PC-Card costing only EUR 23, how to eavesdrop on DECT transmissions. There are hundreds of millions of terminals, ranging from telephones, to electronic payment terminals, to door openers, using the DECT standard." So far, the Heise article's German only, but I suspect it will show up soon in English translation. Update: 12/30 21:27 GMT by T: Reader Juha-Matti Laurio writes with the story in English. Thanks!
Free speech! (Score:2, Insightful)
In Soviet America, they wouldn't be allowed to publish this.
Re:I had no idea (Score:4, Insightful)
As for me, I consider wireless communication insecure, but I don't always bother about it. It boils down to a balance of potential damage and cost (not only money but also time/impracticality...) of securing the communication.
Re:Hey Faggots (Score:1, Insightful)
Failbait.
Re:I had no idea (Score:4, Insightful)
Hmm. Last I checked, bankers didn't really care, as long as the people using their services thought their transactions were "secure".
The difference is simple (Score:3, Insightful)
Re:I had no idea (Score:3, Insightful)
No, because while they are swiping it, they can also take a clone copy of the card to sell to criminals. At least that's what happens in Britain, and for that reason we are advised not to let our cards be taken out of sight.
Don't you have chip & pin yet? France has had it for about 15 years now, and Britain has had it for a few years.
Re:I had no idea (Score:3, Insightful)
"Personally I find it scary that people consider 'wired' communications to be 'secure' by default."
No, you misunderstand. Nothing is "secure". It is a matter of grades of security. In this case, wired communication is MORE secure than wireless.
Anyone suggesting perfect security is either a fool, selling something, or a liar ... or all three.
Re:Clipper chip (Score:3, Insightful)
The Clipper chip concept, as applied to telephones, had several big issues. First (as someone else points out), the mere existence of Law Enforcement / NSA keys, held somewhere in a vault, is a security risk. Those keys could leak at some point, and then the entire infrastructure is worse than useless.
Second, a lot of privacy-minded, government-distrusting people saw the situation Clipper would create as being worse than having no security at all. At least with insecure POTS phones, people of average intelligence get that they're insecure, and can be eavesdropped on pretty easily by both law enforcement and determined third parties with access to the building wiring closet or telephone company switching center. This leads to a demand for secure-communication products (ranging from free products like PGPfone and Zfone, to devices like the Sectera aimed at commercial users), demand which would not exist in an environment where every phone had a Clipper installed.
Put bluntly, the current situation (where "no security" is the default) allows -- some would say forces -- users who have a mild need for security, for instance just enough to prevent casual interception, to buy aftermarket products. These purchases keep a thriving non-governmental security industry going, and essentially subsidize the relatively small number of people who really need security not only from casual interception but from the government as well.
If you take as a premise, as I and a fair number of other people do, that it's a Good Thing to have the ability to communicate without being spied on by your government (this is outside whether you personally actually think you need it, much less take advantage of it; just that the capability is there if you for some reason wanted to), then Clipper would have been a disaster. The only way it looks like a good idea is if you negate completely the value of having communication channels free of government backdoors (or even better, if you consider the elimination of any channels free from government snooping to be a net positive), which if it was borderline defensible in 1994 seems truly insane today.