Posted by: Tony Bradley
attack, DECT, eavesdropping, VoIP, VoIP security
I have DECT cordless phones in my home. I didn’t really get them for the security factor per se. I bought them because their operation isn’t impacted or interfered with by wireless networks, microwave ovens, or baby monitors. I was tired of having 27 different devices all competing for the same frequency range and having my wireless network lose the battle more often than not.
Regardless though, DECT handsets were also notable for the claimed security of the communications. Apparently though, the security is based more or less on security-by-obscurity. Essentially, the communications aren’t encrypted or authenticated in any way, but the DECT algorithm was kept private so that was meant to prevent attackers or eavesdroppers from breaking into the communications.
Well, it would at least prevent novice or poorly funded attackers. A team of researchers had previously demonstrated that an attack was possible using expensive sniffer tools. However, that same research team has now devised a method for eavesdropping on DECT conversations ‘MacGyver style’ using a modified off-the-shelf VoIP card with a laptop.
I guess my conversations about what to get at the grocery store, or how the weather is at my in-laws house are no longer guaranteed to be private. But, on the bright side, they still don’t interfere with my wireless network.