Welcome to deDECTed.org Project

DECT (Digital Enhanced Cordless Telecommunications) is a standard for cordless phones. The goal of deDECTed.org is to better understand DECT and its security and to create an Open Source implementation of the DECT standard.

Latest news: We are presenting the current state of the project at the 26C3 in Berlin on December 29th. The DECT Forum has already responded to the new research: ​http://dect.org/news.aspx?id=52. We very much appreciate the openness with which the DECT manufacturers are pushing towards more security!

We publish information about security issues in the DECT protocol and its various implementations in order to increase the overall system and protocol security.

BlogList(format=float,recent=5,max_size=350)?

important warning

listening to phonecalls without prior permission is illegal. E.g. in Germany even the attempt is ​punishable up to five years imprisonment.

Who we are

At this moment, members of the dedected.org project are people of the following entities:

• ​Chaos Computer Club (​Munich, ​Trier)
• ​TU-Darmstadt Germany
• ​University of Luxembourg
• ​Bauhaus-Universität Weimar Germany

as well as some individuals without any particular affiliation.

The project members (in alphabetical order):

• kaner Christian Fromme
• H. Gregor Molter
• ​Karsten Nohl
• krater Andreas Schuler
• Erik Tews
• Ralf-Philipp Weinmann
• Harald Welte
• mazzoo Matthias Wenzel

Interesting Hardware

• AVM Fritzbox 7270
• COM-ON-AIR PCMCIA Card
• Universal Software Radio Peripheral (USRP)

Subprojects

• Reversing DSAA project
• Reversing DSC project
• DSC security analysis project
• DSAA security analysis project
• DSAA implementation project
• DSAA FPGA implementation project
• DECT PRNG analysis project
• COM-ON-AIR windows driver project
• COM-ON-AIR Linux driver project
• DECT Linux kernel stack project
• CON-ON-AIR kismet integration project
• DECT USRP project
• Fritzbox sniffer project

SVN access

You find a public svn server at ​https://dedected.org/svn, to download all projects, type:

svn co https://dedected.org/svn/trunk dedected

Academic publications and thesis

• Attacks on the DECT Standard Authentication Algorithm has been submitted and accepted to CT-RSA 2009 and covers the reversing and analysis of the DSAA.
• An Efficient FPGA Implementation for an DECT Brute-Force Attacking Scenario will appear at the ICWMC 2009 and describes an efficient DSAA attack.
• Alexandra Mengele finished her diploma thesis ​Security of Digital Enhanced Cordless Telecommunication (DECT) devices for residential use, which gives a detailed overview of the current state of DECT security for a wide range of DECT phones for residential use (aka. consumer phones).
• Bauhaus-Universität Weimar has one diploma thesis running about differential and linear cryptanalysis of the cassable block cipher used in DSAA. This is supervised by Stefan Lucks.

More information about the DECT standard

Most parts of the DECT standard are public and can be downloaded from ​http://www.etsi.org/. However, there are two parts which are secret and only available to some DECT system vendors:

• The DSAA Algorithm
• The DECT standard cipher

We also have an DECT protocol overview page.

Presentations

• DECT talk at 25C3

Press reports

• ​http://www.golem.de/0812/64331.html
• ​http://www.mitternachtshacking.de/blog/807-25c3-dect
• ​http://www.mathias-schindler.de/2008/12/29/dect-25c3/
• ​http://idw-online.de/pages/de/news295118
• ​http://www.heise.de/newsticker/25C3-Schwere-Sicherheitsluecken-beim-Schnurlos-Telefonieren-mit-DECT--/meldung/120988
• ​http://news.magnus.de/sicherheit/artikel/dect-ist-leicht-abhoerbar.html
• ​http://it.slashdot.org/article.pl?sid=08/12/30/133222
• ​http://www.focus.de/digital/handy/schnurlostelefone-dect-geraete-oft-nicht-abhoersicher_aid_358946.html
• ​http://www.theregister.co.uk/2008/12/31/dect_hack/
• ​http://www.dect.org/UserFiles/file/Press%20releases/DF_Press%20Information_DECT%20Technology_01132009.pdf

Contact

You can contact the team at ​mailto:team@dedected.org. We have a public mailing list running at ​mailto:dedected@lists.gnumonks.org, subscribe by visiting the mailing list page at ​https://lists.gnumonks.org/mailman/listinfo/dedected.

More contact details can be found in the Imprint(Impressum)