Date: May 6, 2009

A few weeks ago, a group of researchers (TU Darmstadt) highlighted a number of vulnerabilities in the DECT standard.

By using a ComOnAir card together with specially-written software, hackers were able to intercept unencrypted DECT calls. Since then, ComOnAir cards are changing hands at 10 times their retail value.

Regrettably, a patent application from Alcatel provides information about DECT encryption. One must therefore assume that, given sufficient computing capacity, it would also be possible to listen in on encrypted DECT systems.

However, as things stand, encrypted DECT systems are still seen as relatively secure.

Furthermore, reports from the media that encrypted calls have also been intercepted must be put into perspective: such cases involve the use of a proprietary intercept base station that asks the client units to transmit in plain text.

Summary:
With sufficient criminal effort and the appropriate hardware and software, unencrypted calls from CeoTronics DECT systems may also be intercepted.

Interception is possible only within the DECT transmission range. Mobile use or use on vast company premises will make interception nearly impossible.

However, customers may ask for their CeoTronics DECT systems to be supplied encrypted, ensuring they remain proof against interception.

CeoTronics DECT systems are not simple wireless telephones. A proprietary system is used to set up conferences in the base modules. Any attempt to build an intercept base station will therefore require CeoTronics-specific information. But even with a rebuilt CT-DECT Basestation the encryption is not at stake.

CeoTronics DECT systems that use encryption generate a new key for every new connection.

A 3 GHz Pentium 4 computer is able to try 2 x 10⁶ keys per second. Accordingly, in a worst-case scenario, the 64-bit key used by CeoTronics would be cracked after "only" 292,000 years.

CeoTronics AG, Rödermark, May 6, 2009
Berthold Hemer
Vice-Chairman of the Board