We present a novel attack scenario for breaking into secured DECT-GAP communication. To demonstrate the feasibility of our attack, we propose a brute-force architecture that efficiently recalculates all communication-related shared secrets between the DECT base station and handset. The efficiency of our architecture is demonstrated by a highly pipelined FPGA implementation with multiple brute-force components. The attack exploits the weak random number generators commonly implemented in DECT base stations and a weak authentication scheme between DECT base stations and their handsets.