Vulnerability Development mailing list archives
Re: Phone Switches + telephone banking etc
From: "digitalFX" <xfarrell () ddisp net>
Date: Fri, 7 Jun 2002 19:23:36 -0400
Cordless phones are a risk themselves for anything you don't know want anyone else to know about. The old original cordless phones are not that powerful, but many of the 900Mhz phones that are out there and still widely used, can be picked up from blocks away with nothing but a scanner you can buy from Radio Shack. I don't know about you, but all my banking is done on a hard wired phone. Better to be safe than sorry. ----- Original Message -----
"Kayne Ian (Softlab)" wrote:->I know many banks ( at least in the UK) will say not to use their service through cordless phones, maybe they should increase to includeWhy's that? I've never heard of a bank making that statement. A cordless phone is pretty much a minor risk anyway, if someone wanted to go to the trouble of listening in to your call to the bank, they'd be better off splicing the phone line outside your house. IIRC DECT fones are
scrambled in
some way, so you can't just tune in with a reciever. Non-DECT fones have enough trouble finding the base station and making a clear call through
even
paper thin walls, so someone sitting outside your house is unlikely to
get
anything through a few layers of concrete...if you phone HSBC in the UK and ask to change your "security number" they will ask you if you are on a cordless phone or a mobile. Remember the "old" cordless phones that could be eaves dropped accidentally ? ( or with a scanner from maplins ) Now DECT phones are all the rage I suppose the question is irrelevant ( also GSM mobiles are supposedly encrypted anyway) I just phoned HSBC's telephone banking division and their policy is that "you should not use cordless or mobile phones when setting or resetting security features" though they couldn't tell me where to find a doc on this. My original take on this issue was merely that the key press records are a hell of a load more sensitive than people believe. Q -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### "With hindsight, the decision sucked. But that's the benefit of hindsight. When you use it, all decisions suck." Giles Todd
Current thread:
- Phone Switches + telephone banking etc quentyn (Jun 06)
- RE: Phone Switches + telephone banking etc Kit (Jun 06)
- <Possible follow-ups>
- RE: Phone Switches + telephone banking etc Kayne Ian (Softlab) (Jun 07)
- Re: Phone Switches + telephone banking etc quentyn (Jun 07)
- Re: Phone Switches + telephone banking etc hellNbak (Jun 07)
- Re: Phone Switches + telephone banking etc KF (Jun 10)
- Re: Phone Switches + telephone banking etc digitalFX (Jun 07)
- Re: Phone Switches + telephone banking etc quentyn (Jun 07)
- RE: Phone Switches + telephone banking etc ash (Jun 08)
- RE: Phone Switches + telephone banking etc Jacek Lipkowski (Jun 10)
- RE: Phone Switches + telephone banking etc Vachon, Scott (Jun 07)
- Re: Phone Switches + telephone banking etc Dave Booth (Jun 07)
- RE: Phone Switches + telephone banking etc Tony Camp (Jun 07)
- RE: Phone Switches + telephone banking etc Mike Theriault (Jun 09)
- RE: Phone Switches + telephone banking etc ash (Jun 09)
- RE: Phone Switches + telephone banking etc Kayne Ian (Softlab) (Jun 10)
- RE: Phone Switches + telephone banking etc Stuart Adamson (Jun 12)