DECT cards for sniffing are selling out
After reports over security holes in DECT (Digital Enhanced Cordless Telecommunication) telephone systems came in from various sources, including the German television magazine "Frontal 21," the prices for the notebook plug-in card "Com-On-air" from Dosch & Amand Systems have risen sharply.
At the CCC-25C3 Congress in late December 2008 it was announced that notebooks running Linux could be converted into portable listening systems for cordless telephones by using the Com-On-Air cards. At the time the dying PCMCIA Type II card standard wasn't very popular, but now these Com-On-Air cards are hard to find. A few days ago the cards were available on eBay for about 20 Euros, now the cards have starting, and "Buy Now" prices, of around 200 Euros. A look at the closed auctions show that these high prices are actually being paid as the demand increases.
There is even an open source project, the dedected project, under way that makes use of the card, although the obvious eavesdropping functions are only a by-product. The goal of the project is to actually create an "open source implementation of the DECT standard," as stated on the project's site. Due to the sudden rarity of Type II cards, efforts are now underway to reverse engineer other cards such as the Com-On-Air Type III card as noted on the project's blog.
- 25C3: Serious security vulnerabilities in DECT wireless telephony, a heise report
- DECT Forum: Cordless phone vulnerabilities present a low privacy risk, a heise report