About us
Contact us
RSS
Newsletters
Blogs
Video
EVENTS
TOPIC AREAS
RESOURCE CENTRE
The wirecutter
DECT Forum says don't worry
January 23, 2009
Are DECT phones secure? The DECT Forum's response so far leaves a bit to be desired.
AT the end of 2008, German security experts revealed that the DECT wireless system used in vast numbers of cordless phones is vulnerable to attack.
The attack is apparently based around equipment vendors' decision to put usability over security (the phones default to no encryption if they can't set up a secure link), and to use "security by obscurity" (unlike other networks, DECT uses a secret encryption algorithm, so we have no way of knowing if it's secure.
The news comes while what might be termed "DECT 2.0" is on the launchpad. The Cat-iq standard adds more media-friendly features and supports new applications, but it's equally vulnerable, according to the researchers.
The standards' guardian, the DECT Forum didn't respond at the time, but has since brought out a release that is supposed to be consoling.
The DECT Forum assures "takes such reports seriously and will consider these investigations," it says, but estimates that any attacks on DECT phones are unlikely, because " it is a criminal act to eavesdrop telephone conversations". So that's all right then.
The <a href="http://www.dedected.org">Dedected</a> group, that revealed the hack, doesn't think so: " We strongly disagree. The hardware to record phonecalls can be hidden in a small handbag, and thus prosecution is impractical," it says. "The cost for the attack is also very low."
The Forum looks forward to CAT-iq which "has demanded highest possible security protection measures as mandatory," - but ignores the researchers' claim that CAT-iq will be just as vulnerable.
Will there be any follow-up, I ask the Forum's spokesman, Roland Schmidt. "I can't say," he tells me. "There are discussions."
The Dedected group confirms that it is in touch with the Forum. More importantly, it's been contacted by some vendors of DECT equipment.
Far from this being a costly sophisticated hack, Dedected says a newbie who isn't "into the subject" can be recording DECT calls in 30 minutes. "For all the users of DECT technology who do not intend to run a public radio station, and for all the devices we have examied so far, we only have one big fat warning: 'Don't use DECT!'. And together with the DECT forum we hope to be able to update that statement still within 2009."
Posted by: Peter Judge, Techworld
close
close
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
close
- This article is now being printed.
close
What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.
close
What is this?
Click below to add 'DECT Forum says don't worry' to your blog.
If you do not have a ComputerworldUK Account and would like to use this feature, please Register.
If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.
Comments
Posted by Peter Judge on February 2, 2009 :
That's all folks - my last post on this blog. I'm moving on, and can't bring you news of
- accusations that Cisco's marketing for its new 802.11n access points is misleading:
Cisco's AP has only two transmit antennas, not enough for transmit beam forming, and not enough for the 5dB improvement Cisco claims, according to a blog at CWNP
http://www.cwnp.com/community/articles/will_the_real_beamforming_please_stand_up.html
I've not had a direct response from Ciso, but analyst Craig Mathias says we should expect the Cisco white paper to be re-issued and "give them the benefit of the doubt for the moment".
There's other news on its way, still at the rumour stage now - but that's all from me for now
Peter Judge
Who needs wires? Mobility comes to those who cut the cables.
Email author
Subscribe to the The wirecutter blog RSS feed 
Latest entries
- DECT Forum says don't worry
- Surprise - Xirrus is still there
- Intel gets possessive about Wi-Fi
- Farewell then, UIQ...
- Wireless power sputters on
Previous months
| Jan09 | | | Dec08 | | | Nov08 | | | Oct08 |
| Sep08 | | | Aug08 | | | Jul08 | | | Jun08 |
| May08 | | | Apr08 | | | Mar08 | | | Feb08 |
| Jan08 | | | Dec07 | ||||
Other blogs
- A cog in the wheel
- Anatomy of a Project
- Casting the Net
- Defragging the enterprise
- From the corner office
- Half-eaten cake
- Hobson's choice
- How green is my valley?
- One man, one desk, one chainsaw
- Storing up Trouble
- Technically speaking
- The Blue Screen
- The Burton blog
- The green screen of death
- The War on Error
Mobile Computing & Wireless Networking topics
3g,
802.11b,
802.11g,
Access point,
Mobile network,
RFID,
WEP,
Wireless access,
Wireless LAN security,
Wireless network,
Wireless networking,
Wireless security,
Wireless solution,
Wireless technology,
WLAN
All topics »
WHITE PAPERS
- Outthink the Threat
Discover how cyber-criminals are rendering traditional security solutions ineffective - and stealing your valuable business & customer data. - How to Protect Growing VMware Environments
Put the power of simplicity to work on vmware backup and recovery. - The Five Keys to Organic Growth
When it comes to organic growth, is your organization acting like a true predictive enterprise? - Using Social Enterprise Applications to Enable the Next Wave of Knowledge Worker Productivity
On the face of it, social software seems an unlikely example of enterprise collaboration. Aren’t social networks a fad? What does sharing photos or connecting with college buddies have to do with getting work done? - New Insider Threat Emerges in the New Economy
To neutralize the threats posed by insiders with ample motivation, IT departments must take away the means and the opportunities to commit crimes. Understand how employees and partners are engaging with your IT assets and intellectual property.
Techworld topic pages
IDG Tech Network
-
http://www.fstech.co.uk/
FST Financial Sector Technology: a leading business title for IT decision makers in the UK and European financial services sector
|
|
- About Techworld | Contact | Privacy Policy | About IDG | All contents © IDG 2009 | webmaster@techworld.com
- Infoworld | Networkworld | Tecchannel | Techworld Netherlands | IT World Canada