DECT Forum investigating security flaw

Telecom Asia Staff
14 Jan 2009

The DECT Forum is apparently baffled by a flaw that allows eavesdropping on encrypted cordless phones using the CAT-iq protocol.

The forum said it is still investigating vulnerability, which was exposed by German researchers at a security conference ten days ago.

The exploit allows users to break into POS terminals and security doors using the DECT and CAT-iq protocols.

DECT chairman Erich Kamperschroer, the forum takes reports of security flaws seriously.

"The DECT Forum welcomes open discussions about how the implementations of the

DECT standard can be improved," he said, adding the forum would seek to collaborate with researchers in an attempt to patch the flaw.

The forum said it was impossible to accidentally eavesdrop on telephone conversations, meaning only "those with a clear criminal intent" would take advantage of the exploit.

The exploit bypasses encryption simply by pretending to be a device that doesn't support it. Most phones are designed with interoperability rather than security in mind, the researchers explained at the time, so will freely drop encryption if the other side can't use it.

Related content

No Comments Yet! Be the first to share what you think!

This website uses cookies

This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.