DECT Forum investigating security flaw

The DECT Forum is apparently baffled by a flaw that allows eavesdropping on encrypted cordless phones using the CAT-iq protocol.

The forum said it is still investigating the vulnerability, which was exposed by German researchers at a security conference ten days ago.

The exploit allows users to break into POS terminals and security doors using the DECT and CAT-iq protocols.

DECT chairman Erich Kamperschroer said the forum takes reports of security flaws seriously.

"The DECT Forum welcomes open discussions about how the implementations of the DECT standard can be improved," he said, adding the forum would seek to collaborate with researchers in an attempt to patch the flaw.

The forum said it was impossible to accidentally eavesdrop on telephone conversations, meaning only "those with a clear criminal intent" would take advantage of the exploit.

The exploit bypasses encryption simply by pretending to be a device that doesn't support it. Most phones are designed with interoperability rather than security in mind, the researchers explained at the time, so they will freely drop encryption if the other side can't use it.
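
The fallback described above, as an added example that is not from the article or the researchers: a simplified Python model (not real DECT or CAT-iq messages) comparing an interoperability-first handset with one that refuses cleartext from a base that encrypted at pairing. The `strict` switch, the pairing record and the identifiers are assumptions for illustration.

```python
"""Simplified model of link-encryption negotiation; not real DECT/CAT-iq messages."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Offer:
    base_id: str       # identity the far end claims (constructed value)
    encryption: bool   # capability the far end advertises


@dataclass
class Handset:
    strict: bool                                 # hypothetical policy switch
    pinned: dict = field(default_factory=dict)   # base_id -> encryption seen at pairing
    alerts: list = field(default_factory=list)   # downgrade events for the user or a log

    def pair(self, offer: Offer) -> None:
        # Record what the genuine base advertised when the user paired it.
        self.pinned[offer.base_id] = offer.encryption

    def connect(self, offer: Offer) -> str:
        if offer.encryption:
            return "encrypted"
        was_encrypted = self.pinned.get(offer.base_id, False)
        if self.strict and was_encrypted:
            # A base that encrypted at pairing now claims it cannot: refuse and record it.
            self.alerts.append(f"downgrade refused for {offer.base_id}")
            return "rejected"
        # Interoperability-first behaviour: silently fall back to cleartext.
        return "cleartext"


def demo() -> dict:
    genuine = Offer("base-01", encryption=True)
    impostor = Offer("base-01", encryption=False)  # same identity, claims no encryption
    legacy = Offer("base-02", encryption=False)    # never supported encryption
    results = {}
    for name, strict in (("interop", False), ("strict", True)):
        h = Handset(strict=strict)
        h.pair(genuine)
        h.pair(legacy)
        results[name] = (h.connect(genuine), h.connect(impostor),
                         h.connect(legacy), len(h.alerts))
    return results


if __name__ == "__main__":
    print(demo())
```

The strict handset still talks to the legacy base that never encrypted, so interoperability is kept while the silent downgrade is refused and logged.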