Interactive decryption of DECT phone calls DEMO

DECT is a widely deployed standard mostly used for short range wireless phones. So far, no method has been published which is able to recover the audio signal in a call that is encrypted and lasts only for a few minutes. In our paper Interactive decryption of DECT phone calls, which is accepted at WISEC 2011, we present a method, that allows to recover the audio signal sent from the phone to its base station in an encrypted call. To do so, we use a replayattack against the phone to recover the key streams which were used to encrypt the call. The method is applicable to short calls too, where not enough keystreams are available to recover the ciphers key using a key recovery attack[2] on DSC. The method is fast and practical and can be executed at very low costs. At the demo session, we will show how an encrypted call between a DECT base station and a phone can be recorded. After the recording is complete, we can start decrypting the call and recovering the audio signal in the call. All we need is a DECT phone, a DECT base station and a PC equipped with a DECT PCI card. Depending on how much time is available, we can also demonstrate other features in the DECT protocol or other tools, which can be used to interact with a DECT network.