Showing posts with label DECT. Show all posts
Showing posts with label DECT. Show all posts

Tuesday, March 3, 2009

Analog Cordless Phones - "Throw the bums out!"

"I do all my banking on the phone. A friend told me my cordless phone was a security risk because I have had it for quite a few years. Is she right?" T.Y., Durham

Simon Moon from This is Money replies: I put your question to First Direct, which has 1.2m customers who run their accounts by phone or online.

It pointed to a possible risk from using a non-digital cordless phone when speaking to your bank.

First Direct said: ...'In addition to ensuring that nobody nearby is listening in, customers should be aware that older generations of cordless telephones (so-called analogue cordless) are potentially susceptible to eavesdropping by someone with an appropriate receiver.

'The majority of home cordless phones sold over the past few years are digital and are far less vulnerable to eavesdropping than the older type.' (more)

Cordless Telephone Security 101
Some people are still unaware it is fairly easy to eavesdrop on the older cordless phones. Amazing. Even more amazing, however, is that conversations made with some of the new 2.4 GHz and 5.8 GHz are just as easy to intercept! These phones may say "digital" but the wireless portion of the voice channel is still FM analog transmission.

How can you tell the difference without hiring us?
Easy. Simply make a call and walk away from the base part of the phone. If you start to hear static and fading, one or both parts of the transmission path is using FM analogue modulation; an eavesdroppers delight. If your call suddenly ends, it is most likely digital modulation.

Your call ends abruptly. Are you safe? Not yet. Digital transmission is eavesdropper-resistant, not eavesdropper-proof.

Phones using the
Digital Enhanced Cordless Telecommunications (DECT), for example, use digital encryption... which can now be hacked.

Cordless phones which use
Digital Spread Spectrum (DSS) modulation are very secure if the circuit was designed properly. Unfortunately, we have found a few DSS models where the manufacturer economized to the point of making the circuit unbalanced, thus making interception possible again. Most DSS cordless phones, however, provide an adequate level of security for the average user.

Still concerned?
Want to know for certain if your cordless phone is a leaker?
Have it tested.

Murray Associates has a flat fee ($99.00) evaluation program.
Your phone, cordless or hardwired (no cellular at this time), is inspected by a Murray Associates certified technical investigator, using over $120,000.00 of lab instrumentation.

Inspection Protocol:
• Open, and examine phone for bugging devices and tampering.

• Reassemble phone and discretely seal it with serial numbered security tape. This is done to detect and deter future tampering.
• Electronically test the phone using a professional telecommunications analyzer (instrument and test details here)
• Cordless phone wireless transmissions are viewed and analyzed using a Real-Time Spectrum Analyzer (instrument details here).
• Corded phones are also checked for unintended emissions.


Phones are returned with a written report, and an eavesdropping vulnerability rating. Reports detail vulnerabilities discovered and make recommendations for improving security. Turnaround time is typically one week or less. Contact Murray Associates for further details.

Corporate clients have been using this inspection service for years. They send in brand new phones for inspection and sealing, then keep them on-the-shelf as instant replacements in environments we previously secured for them!

Tuesday, January 13, 2009

Well, duh... DECT

The DECT Forum, the worldwide association of the home communication industry, has taken note of reports about possible security issues of DECT wireless telephony systems. The DECT Forum assures that it takes such reports seriously and will consider these investigations...

The DECT Forum also states that it is a criminal act to eavesdrop telephone conversations. It is impossible to accidentally eavesdrop on telephone conversations and therefore the risk for users is very low. Only those with a clear criminal energy and intent and a sophisticated knowledge would be capable of eavesdropping. (more)
I feel better now, don't you?

Tuesday, December 30, 2008

Alert: DECT Hacked

Heise Security is reporting that... researchers in Europe's dedected.org group have published an article (pdf) showing how to eavesdrop on DECT transmissions, using a PC-Card costing only EUR 23. The DECT protocol is the world's most popular wireless telephony protocol. The standard is also used in baby monitors, emergency call and door opening systems, wireless debit card readers and even traffic management systems. There are hundreds of millions of terminals using the DECT standard. Also announced, the next version of the WLAN sniffer, Kismet, will support DECT, thereby rendering tricks with laptop cards superfluous. (more)