Are DECT phones secure? The DECT Forum's response so far leaves a bit to be desired.
At the end of 2008, German security experts revealed that the DECT wireless system used in vast numbers of cordless phones is vulnerable to attack.
The attack is apparently based around equipment vendors' decision to put usability over security (the phones default to no encryption if they can't set up a secure link), and to use "security by obscurity" (unlike other networks, DECT uses a secret encryption algorithm, so we have no way of knowing if it's secure).
The news comes while what might be termed "DECT 2.0" is on the launchpad. The CAT-iq standard adds more media-friendly features and supports new applications, but it's equally vulnerable, according to the researchers.
The standards' guardian, the DECT Forum, didn't respond at the time, but has since brought out a release that is supposed to be consoling.
The DECT Forum "takes such reports seriously and will consider these investigations," it says, but estimates that any attacks on DECT phones are unlikely, because "it is a criminal act to eavesdrop telephone conversations". So that's all right then.
The Dedected group (http://www.dedected.org), which revealed the hack, doesn't think so: "We strongly disagree. The hardware to record phone calls can be hidden in a small handbag, and thus prosecution is impractical," it says. "The cost for the attack is also very low."
The Forum looks forward to CAT-iq which "has demanded highest possible security protection measures as mandatory," but ignores the researchers' claim that CAT-iq will be just as vulnerable.
Will there be any follow-up, I ask the Forum's spokesman, Roland Schmidt. "I can't say," he tells me. "There are discussions."
The Dedected group confirms that it is in touch with the Forum. More importantly, it's been contacted by some vendors of DECT equipment.
Far from this being a costly, sophisticated hack, Dedected says a newbie who isn't "into the subject" can be recording DECT calls in 30 minutes. "For all the users of DECT technology who do not intend to run a public radio station, and for all the devices we have examined so far, we only have one big fat warning: 'Don't use DECT!'. And together with the DECT Forum we hope to be able to update that statement still within 2009."