long before everybody had a smartphone or two, the application of a telephone was much complete stranger than today. a lot of telephones had real, physical buttons. even a lot more bizarrely, these phones were linked to other phones through physical wires. Weird, right? These were called “landlines”, a innovation that shuffled off this mortal coil three or four years ago.
It gets even a lot more bizarre. some phones were wireless — just like your smartphone — however they couldn’t get a signal a lot more than a few hundred feet away from your home for some reason. These were ‘cordless telephones’. [Corrosive] has been working on deconstructing the safety behind these cordless phones for a few years now as well as discovered these cordless phones aren’t safe at all.
The phone in concern for this exploit is a common 5.8 GHz cordless phone from Vtech. traditional wisdom states these phones are fairly safe — at least a lot more so than the cordless phones from the 80s as well as 90s — since extremely few people have a duplex microwave transceiver sitting around. The HackRF is just that, as well as it only costs $300. This was bound to occur eventually.
This is truly just an exploration of the radio system inside these cordless phones. After taking a HackRF to a cordless phone, [Corrosive] discovered the phone technically didn’t operate in the 5.8 GHz band. manage signals, such as pairing a handset to a base station, occurred at 900 MHz. Here, a basic replay assault is sufficient to get the handset to ring. It gets worse: just by checking out the 5.8 GHz band with a HackRF, [Corrosive] discovered an FM-modulated voice channel when the handset was on. That’s right: this phone transmits your voice without any type of encryption whatsoever.
This isn’t the very first time [Corrosive] discovered a total lack of safety in cordless phones. A while ago, he was checking out the DECT 6.0 standard, a European cordless phone common for PBX as well as VOIP. There was no safety here, either. It would be chilling if landlines existed anymore.