The Register® — Biting the hand that feeds IT

DECT wireless eavesdropping made easy

Anonymous Coward

Weak 

Unhappy

This is horribly weak.

First off, the open source Linux telephony engine is called "Asterisk", not "Asterix".

Secondly, the statement "...by diverting data to an Asterix (Linux-based software PBX), where crypto isn't supported so that conversations default to plain text, cryptographic researchers discovered." is no "discovery" by any means. Not being able to defeat DECT head on, but running it through MOST PBX engines based on the SIP protocol, which is used by an incredibly large number of PBX systems, is as worthless an observation as stating "clipping a telephone test set in line with the DECT device also allowed bypassing DECT".

Sniffing a SIP/RTP based call has nothing to do with DECT, is not specific to Asterisk, is not a "discovery", and seems only to serve here as some attempt at validating research that yielded no real discoveries about cracking DECT.

Destroy All Monsters

@Weak 

Linux

....but it makes for good copy and might entice politicians to fall over themselves to pass a new law against "DECT sniffing"

And it surely is not an "Asterix" otherwise the copyright nazis from Editions (Robert? Albert?) Goscinny would be in touch in a heartbeat, as anyone who remembers what happened to "Mobilix" knows.

David Wilkinson

I am still happy with my Dect 6 phone 

I figured its digital encryption could be hacked ... I just wanted a phone that would keep ME from inadvertently picking up bits of other people's conversations in my crowded apartment building.

kindaian

Yes... sort out problems with laws... 

Flame

Has always worked nicely...

There are already laws against sniffing in general... It's called communication tampering and it may be letters, phones, smoke signals... it's generic... and guess what... is forbidden almost everywhere...

No new laws are needed thank you.

Now, let's get the politicians back to their posh cabinets and stop bugging the citizens with useless laws.

There are too many of them already!

p.s.- burn because loads of laws need just that... starting with the "terrorism" and the "protect the children" ones...

Daniel Palmer

Today at the reg... more oh noes! 

Flame

Yet another story on the reg about some security being broken, "oh noes!!! we're all going to die! somebody think of the children".... and it turns out that it's not really broken at all.

Paul

ElReg misunderstood 

Paris Hilton

I RTFA instead of relying on ElReg's interpretation...

the crackers seem to have done two things

the first was simply intercept an unencrypted wireless telephone conversation, not particularly hard with a digital receiver on the right frequency with the right codec

the second was a classic man-in-the-middle attack. basically they created a fake dect "access point" (i.e. a telephone base station) which didn't do encryption or strong authentication, and relied on the handsets to not report this, so that when a call was made they could simply intercept the audio stream.

in both cases, it relies on the designer of the handset and base station having been lazy - either not actually doing any encryption at all, or being careless with authentication! snag is with any consumer electronics, it's all proprietary stuff with no technical documentation, so we're unlikely to find out until it's too late whether our phones are vulnerable or not.

What I want to know is which makers have cut corners. I suspect we'll only know when their hands are forced by hackers publishing a list. I have a Siemens S685IP, and Siemens do occasionally release firmware updates for it since it has an internet connection; I would hope that if it is vulnerable, it will be fixable and fixed - quite possibly the DECT part will rely on an ASIC whose algorithms are burned into mask ROM and cannot be changed :-(

It's pretty much like the car whisperer hack which allows you to take over someone's bluetooth headset!

Paris - because even she knows that telephones are not secure

Anonymous Coward

Maybe a job for 

IT Angle

quantum encryption?

(With auto adjust)

Anonymous Coward

From now on.... 

Black Helicopters

...all private phone calls in the UK must be routed via the Parliament switch-board. This will make it easier for your benefactors to keep tabs on you and also help us in our bid to stamp out cyber-crime (look out for the kids et al).

Please keep all phone calls to 3 minutes or less. Please book ALL calls 3 weeks in advance by ringing the Parliament switch-board, err oops!

Please, no emergencies outside normal business hours (10am to 3pm - including lunch from 12 to 2)

Winkypop

Question 

Black Helicopters

If I revert back to calls using 2 empty jam tin cans and a length of string, and the tins/string is made in China, will I be safe from the Chinese hackorz?

Christian Berger

We should move on 

OK, DECT is still the best dedicated wireless phone standard available. Unlike GSM there is no way to intercept calls remotely, as from the base-station on you can use decent encryption.

The next step might be to do an ultra-simple IPv6 based voice standard. Essentially you would dial the IP-number of the other station. The whole communication goes over a protocol which adds redundancy to UDP, so you can reconstruct the information of missing packets. Signalling should also be done in such packets. And everything would be strongly encrypted end to end.

Stu Reeves

@Christian 

Happy

great answer, but totally flawed

1. UDP is not designed for redundancy, that's the job of TCP. And in voice, it's too slow. If you are on about multiple streams, then latency & reassembly would be a nightmare and make the point of using UDP (fast, low latency, low bandwidth communication) pointless.

2. "Essentially you would dial the IP-number of the other station". So you like to dial 0123456789@2001:db8:85a3:0:0:8a2e:370:7334? Catchy. If you mean something like fred@home.com then that's what SIP does for you. e.g. SIP:fred@home.com or sip:0123456789@192.168.1.5

3. The whole point of the article is that they are able to intercept the calls!

Apart from that, spot on.

Peter

@Question 

Not if they have a parabolic mike..

Jeff

@Weak AC - Asterisk/Asterix 

Picking up on your comment. Where in the article does it mention Asterix?