Cordless Phones

Cordless telephones are great little step savers, but can be bad for privacy and security as the transmissions can be received up to a mile away. With the cheapest analog phones, anyone with a radio scanner in the general neighborhood of your phone can tune into your telephone's transmitting frequency and listen in on your conversations. Conversations may also be overheard on other phones or even picked up on baby monitors.

Cordless microphones used at meetings and conferences present a similar problem. They transmit crystal clear audio to any outsider who may have set up a listening post within a range of about a quarter mile. Many speakers prefer the mobility and flexibility provided by a cordless microphone, but such a microphone should not be used for any presentation of sensitive information.

The more you pay for a cordless phone, the more you get in security as well as range and sound quality. Digital phones are more secure because a casual or accidental eavesdropper would hear the digital noise rather than voice (much like the shrill sound you hear when you dial a phone number and get a fax machine rather than a person). Any radio hobbyist can, however, readily obtain equipment to convert the digital transmission back to voice.

Most secure are the digital spread spectrum 900 MHz and 2.4 GHz cordless phones. These use a broad bandwidth that cannot be monitored effectively by a typical radio frequency scanner. As with any radio transmission, however, it can be monitored by a determined professional.

Additionally, a cordless phone involves some financial risk. Anyone with a "like" cordless telephone can attempt to steal your dial tone and place a call leaving you with the bill. It works like this: a "bad guy" grabs his own cordless telephone and takes a drive in his car. He drives up and down the residential streets in your neighborhood with his telephone "on." When his telephone receives a dial tone, he has effectively located a telephone base unit that is compatible with his telephone. He then can dial any number he wants and can talk for virtually hours leaving the bill to his unsuspecting host. Even if his host were to pick up the telephone and discover someone else on the line, the host may not know how their telephone is being attacked (or know to look outside for someone parked on the street).1

Many cordless telephones are designed with security code options. However, the factory-set codes are well known, and most people don't bother to change them from the original factory setting. In the scenario above, the security code doesn't really matter. The bad guy merely drives until his telephone and code matches with some host with the same factory-set code. This still results in invasion of privacy and possibly an unexpected telephone bill.

1. Paul F. Barry & Charles L. Wilkinson (Trident Data Systems), "Invasion of Privacy and 90s Technologies," Security Awareness Bulletin, No. 2-96. Richmond, VA: Department of Defense Security Institute, August 1996.




The Chroma Group, Ltd.