Dect phones open to eavesdropping

Powered by SC Magazine
 

Attackers can intercept calls.

Failure to enable an encryption option in Digital Enhanced Cordless Telecommunications (Dect) phones can allow an attacker to overhear and record calls.

ProCheckUp researcher George Christopoulos demonstrated the attack to SC and said the problem was that the manufacturers did not enable encryption as standard, despite users believing that it is ‘super secure'.

“We started looking at this a couple of years ago and it is easy to accomplish eavesdropping on any conversation," Christopoulos said.

He explained that each phone has 10 frequencies and its own range. Attackers would find the best frequency to "lock on".

A capability using a rooted booster could allow an attacker to detect the connection and listen to all calls that have been made. Christopoulos said that this attack was completely transparent to the victim.

The PCMCIA type 2 booster card is now difficult to find and was produced as a way to improve signals over a wider area.

Christopoulos said the shell would show a call was made, reveal the identity of the Dect phone base station and begin recording the call.

He explained there was no recoding limit adding the auto record function could begin when new calls were placed, without intervention.

“If encryption is in place, then the same thing happens with auto record but the call will be silent when they play it back. However this is not bullet-proof, as an attacker can build a rogue base station that your handset will try to connect to,” he said.

He also explained that Dect phones have no mutual authentication or certificate to their individual base stations.

“Everyone should be more concerned about the dangers in the technology that we are using.”

Christopoulos began the experiment three years ago using the top 10 Dect phones from Amazon.

He said that the majority were susceptible to attack as they did not use encryption.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Dect phones open to eavesdropping
 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3084

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 981

Vote