We all have these at our desks. Not the bluetooth guys for your [tag]phone[/tag] (we could talk about that for a while), but the 900MHz headsets that your company gave you for those long and annoying calls with the boss. These things rocks, but they are oh-so [tag]insecure[/tag].
A coworker who fields support calls has one, and we decided to see how far we could go with these. We were shocked to discover that he could field a call 2 full stories downstairs from his desk. I was able to take mine 1 story away without even a single bit of static in it. I’m sure I could have taken it farther, but construction kept me from going any farther.
So, what, you say? The [tag]headsets[/tag] can only talk to their own base station, right? Well, yeah, but that doesn’t really mean much. The correct question to ask is whether or not the data is encrypted, and the answer is no. Let’s do the math, then:
No Encryption + Long Range = DANGER!
Check out this article from Steve Stasiukonis of Secure Network Technologies, Inc. In his job as an auditor, Steve discusses how he was able to gather confidential information by listening to wireless headsets in an office and use that information to gain access to the building for three days!
The moral of the story: Protect your data — no matter what kind of data it is.
The second moral: Assume everything is insecure unless demonstrated to be secure.