Howto:DECT Security
This Wiki article is deprecated and describes end of life products.
Lately, a German TV show has raised some concerns with DECT system security.
Here is a statement from our DECT technology partner Polycom.
Applies To
This information applies to
- IP1200, IP50, IP52, IP54, IP55, IP64(4080)
More Information
Official Statement
This is an official statement from our DECT technology provider Polycom (formerly known as Kirk)
Based on a TV broadcast on ZDF German Television, we have recently received a number of questions concerning the security of a DECT solution. The short version is that the TV program shows how a number of highly educated people from a university environment can "tap" a conversation that takes place on DECT technology with a wireless handset.
First and foremost we would like to point out that this study is made of highly educated people from a university environment, who are experts in IT. So it is thus not as simple as it looks in the TV program. At the same time we do recognize that "tapping" of a DECT solution can take place. However, the "tapped" conversations are all residential conversations in which the person, who leads the conversation, is located in a very small geographic area, as a living room for example.
If a similar "tapping" was to be conducted in a business or, for example a hospital, it would be a lot more complicated. It would require that the person who wants to "tap" a conversation has to be in range of the company building with a directional antenna. At the same time, the person would have to know at all times, where the person - whose phone is being "tapped" - is inside the company - otherwise he cannot determine the directional antenna. Since the idea of being wireless is the ability to be mobile, it is very difficult to point the directional antenna at a person inside the company building - imagine a nurse who constantly moves around a hospital. At the same time, every time a person pass a wall of concrete or a metal rack, then the signal will disappear for the person who is trying to "tap" the conversation. Alternatively, a person who wants to tap a conversation should be located inside the company facility. We are, however, convinced that most people would wonder very much if a strange person closely follows one with a computer and a directional antenna!
There are millions of DECT installations worldwide today and so far there has never been a single case concerning "tapping" of a DECT solution reported! The Polycom DECT solutions are probably the most secure wireless solutions on the market and we want to emphasize that the issues raised by the German TV program are theoretically correct but as you can see from the examples above, it will not be an issue for our professional customers. Polycom of course continues to monitor the security developments for the DECT standard through the DECT Forum.
Some Technical Background
Security always is to be seen as a trade-off between avoiding risks and total cost of ownership (that is, in terms of investment in technology and hardware and also decreased usability).
In the particular case of enterprise DECT, the implementation of voice encryption would imply substantial higher investment in base station hardware. This is due to the fact that encryption on a larger number of channels requires decent hardware support, which would add substantial cost to all radios. This is why it is not present in todays radios. This is not an issue for handsets, as they usually only need to handle one encrypted voice stream at a time.
The DECT protocol implementation used in Kirk/innovaphone DECT products in fact supports voice encryption and thus the handsets can support voice encryption as long as the radios negotiate for it (which is not the case, as explained above). In theory, for exceptional security requirements, voice encrypting 3rd party DECT radios could be used. However, this scenario is not supported by Kirk and therefore by innovaphone.
Then again, comparing it to WLAN, one of the differences certainly is that virtually every computer user has access to WLAN interface hardware that can be used to attack a WLAN system. As opposed to that, appropriate DECT hardware that can be used for a DECT attack is not readily available.
We strongly believe that the approach used in Kirks DECT technology best fits the requirements of our customers.