DECT Forum's low key response to security problems

Stuart Corner
Wednesday, 14 January 2009 04:02

Business IT - Technology

The DECT Forum, the body responsible for the DECT cordless telephony technology, has made a low key response to claims that conversations over DECT phones can be easily and cheaply intercepted, and has taken the opportunity to promote the successor to DECT, CAT-iq, claiming it will be much more secure.

In a presentation to the 25th Chaos Communication Congress (25C3) in Berlin in December Andreas Schuler, Erik Tews from the Technical University of Darmstadt, and Ralf-Philipp Weinman from the explained how DECT conversations could be intercepted using a 23-euro VoIP laptop card and a Linux computer if, as is frequently the case, DECT encryption is not activated.

Even where a conversation between a DECT handset and its base station was encrypted, the card was able to deactivate the encryption by pretending to be a base station, they claimed. However, they were unable to crack the DECT encryption algorithm details of which, unlike its GSM counterpart, are not made public.

In response to these claims the DECT Forum has now issued a statement saying it takes the reports seriously. "The DECT Forum welcomes open discussions about how the implementations of the DECT standard can be improved", said Erich Kamperschroer, chairman of the DECT Forum. "Therefore we are looking forward to collaboration with researchers in order to discuss their research results and find measures how to further improve a reliable and mature technology that is used worldwide every day by millions of users."

However it did not indicate great concerns that DECT users' conversations could be vulnerable, or suggest any measures used could take to protect themselves, for example at least ensuring that encryption was activated on their products.

The Forum also pointed out that its new technology, CAT-iq (Cordless Advanced Technology - Internet and Quality), the successor of DECT, would include "the highest possible security protection measures as mandatory" and would be "implemented into a globally applicable standard."

CAT-iq was announced in December 2006 and the DECT Forum expects that cordless DECT phones will be replaced by CAT-iq handsets and that most future telephones will be CAT-iq enabled, including PSTN phones. Legacy DECT base stations and WiFi modems will be replaced by DECT/CAT-iq enabled voice and data gateways.

In its most recent, November 2008 market forecast the DEC Forum was predicting a rapid growth of CAT-iq enabled gateways, reaching more than 65 million home gateways in 2012. It expected CAT-iq enabled handsets to follow a similar trend with growth to 115 million devices by 2012. DECT handsets, however are presently selling at the rate of over 100 million per year.

According to the Forum, "CAT-iq has been developed in particular to support the transformation of global telecommunication networks from the 'Plain Old Telephony System' (POTS) to 'All-IP' networks." It adds that "The transformation, which is already happening, will see its completion in some countries in 2010 and therefore the DECT Forum expects that the deployment of CAT-iq will increase significantly from 2010."

Siemens Gigaset claims that it had the first CAT-iq-certified cordless phone, the Gigaset S675 IP, and claims to be "leading the way in the development of advanced CAT-iq services, such as weather forecasts, online phonebooks, RSS feeds and wideband audio technology such as High Definition Sound Performance (HDSP)."