DECT Forum: Cordless phone vulnerabilities present a low privacy risk
The DECT Forum, the international association of the home communications industry, holds that the risk, due to the vulnerabilities discovered in the communications between DECT handsets and base stations, is low. The Forum said "It is impossible to accidentally eavesdrop on telephone conversations and therefore the risk for users is very low" and re-stated that it is a criminal act to eavesdrop on conversations over DECT based telephones. "Only those with a clear criminal energy and intent and a sophisticated knowledge would be capable of eavesdropping" said the Forum's statement.
Researchers at the Technical University of Darmstadt had showed that it was possible, using an inexpensive laptop card and Linux computer, to intercept DECT calls when the negotiation between the phone and basestation did not authenticate or use encryption, a situation that was according to the researchers, quite common.
The DECT Forum also said in the statement that they would be examining the research. Eric Kamperschroerm, Chairman fo the DECT Forum added "The DECT Forum welcomes open discussions about how the implementations of the DECT standard can be improved. Therefore we are looking forward to collaboration with researchers in order to discuss their research results and find measures on how to further improve a reliable and mature technology that is used worldwide every day by millions of users." The statement also pointed to the Forums mandatory requirements for the "highest possible security protection measures" for Cat-IQ (Cordless Advanced Technology - internet and quality), the successor standard to DECT.
- 25C3: Serious security vulnerabilities in DECT wireless telephony, heise Security report