Wednesday, April 8, 2009

Tonight on Dutch television, NOVA: Het afluisteren van DECT-telefoons

In other words, some Dutch media attention on DECT eavesdropping. There has been very little coverage of DECT security issues in the Dutch media, so I’m hoping this broadcast will change that.

DECT sniffing has become easier since my last post. COM-ON-AIR prices seem to be going down again on eBay and people are selling pre-made boot CDs for DECT sniffing. So no Linux installation is necessary anymore; someone can simply buy a COM-ON-AIR card and a CD, pop both of them in a laptop and start sniffing. Needless to say, eavesdropping on your neighbours' conversations is illegal, so only use this if you have permission.

I purchased a couple of cards for Fox-IT shortly after the issue became public. As a part of penetration tests, I have already tested DECT security at some of our customers. The results are pretty much as you would expect.

Update: Some shocking details from the broadcast: phone conversations of the Dutch IRS (Belastingdienst), the police, a hospital and a Dutch government minister all can be easily intercepted. First viewer reactions on the NOVA site are of course 'Where can I get one of those eavesdropping things, it sounds like fun'.

Update2: It looks like the media coverage has arrived!

2 comments:

Sniffy said...

Well, it can be done with GSM phones too, it's just a bit more expensive (€250), see http://www.mobile-manager.be/ and http://jurgenverstrepen.typepad.com/jurgen_verstrepen_maakt_l/2009/02/hoe-kan-je-gsms-afluisteren.html .

Niels Teusink said...

That's correct, but for that you have to install software on the phone you want to eavesdrop on. That is quite different from picking the signal out of the air!

There are other vulnerabilities that make passive eavesdropping on GSM possible, but at the moment this is considerably more complex and expensive than eavesdropping on DECT.