Analysis: Wireless phone headsets insecure

WASHINGTON, Feb. 1 (UPI) -- Wireless phone headsets of the kind beloved by Wall Street executives and high-end law firms can be bugged by simple off-the-shelf radio scanners unless they are encrypted.

"These guys are bugging their own office, essentially," security consultant Doug Shields told United Press International.

He said that, for a recent client, he had used an inexpensive commercial scanner capable of monitoring frequencies in the 900 MHz and 1.2 GHz ranges, which is where many of the popular hands-free headsets operate.

He said the scanner could hear conversations inside buildings as far as 600 feet away. "Sometimes, when the other party has hung up, the wireless connection remains open and you can hear what (the party at your end) is saying afterwards."

From a position across the street from his client's facility, he said, the equipment was able to record conversations by employees, including commercially sensitive information. "Some of this stuff, if you traded on it, you'd never have to work again," said Shields, a partner in Syracuse, N.Y.-based Secure Network Inc.

Scott Berinato, the executive editor of Chief Security Officer magazine, told UPI he was aware of cases where the technique had been employed, among others, for corporate espionage.

"Some are encrypted, most are not," he said of the commercially available headsets. "The risk is (the difficulty involved in bugging them) is reasonably trivial."

He said "bigger, smarter" firms were likely to have adopted encryption, giving as an example the large pharmaceutical companies, which used encryption even for internal presentations employing wireless microphones.

Buildings could also be shielded, he said.

"More (companies) should be doing it (adopting countermeasures) than are," he said.

Shields said two other countermeasures were spread spectrum and frequency hopping -- both of which break up the transmission in different ways to make it harder to intercept.

But he said most companies seemed unaware of the risks inherent in this kind of technology. "They are focused on other things," he said.

"We use industry-standard security," said Deborah Kline, a spokeswoman for Avaya Inc., a telephone technology company that is one of the makers of hands-free wireless headsets.

But she added, "Industry standards … are not always as secure as we would like."

Bob Hayes, managing director of the Security Executive Council, a membership organization for security leaders in the private and public sectors, struck a more skeptical note.

"There are a lot of threats that are technically possible," he said, pointing out that monitoring telephone conversations that way without permission was a federal crime. "Why would I do that," he asked, "when I could get the same information a dozen different ways?" For instance by going through someone's garbage, pretext phone calling, or eavesdropping on conversations at trade shows.

"If you're doing business that sensitive," he said, "your whole life should be at a higher security level. … Secrets are stolen out of cars … or garbage cans."

He also said that, unless the listeners were "in the right place at the right time," they were likely to get "a lot of pizza orders, bedtime kisses for kids" and other idle chatter.

"Think of it from the spies' point of view," he said. "There's a reason every intelligence agency in the world values human intelligence the most highly."

Jack Johnson, former chief security officer for the Department of Homeland Security and now a partner in the Washington federal practice at Price Waterhouse Coopers, told UPI that, in general when it came to new technology, "ease -of-use considerations tend to trump security."

"It's not until after the technologies are in use that we realize the vulnerabilities," he said.