Sniffing DECT Phones with BackTrack

OffSec Team

1 min read

BIG FAT HAIRY NOTE: IT IS ILLEGAL TO RECORD PHONE CONVERSATIONS IN MANY COUNTRIES. For a list of state privacy laws in the US, click here and here.

Thanks to 5m7x, dedected is soon to be added to the BackTrack repositories. In our internal tests, the standard AT&T cordless phone was found not to use encryption. The recording quality was phenomenal – you can find a copy of this recording ~~here~~.

All your DECT are belong to us ?

Stay in the know: Become an OffSec Insider

Get the latest updates about resources, events & promotions from OffSec!

Latest from OffSec

Research & Tutorials

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

May 15, 2025

3 min read

Research & Tutorials

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

May 8, 2025

2 min read

Research & Tutorials

CVE-2025-29927: Next.js Middleware Authorization Bypass

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

May 1, 2025

3 min read

View all blogs

New course! SJD-100: Secure Java Development Essentials

Sniffing DECT Phones with BackTrack

Stay in the know: Become an OffSec Insider

Latest from OffSec

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

CVE-2025-29927: Next.js Middleware Authorization Bypass