Security of DECT & Bluetooth Headsets
Whether using a Bluetooth or DECT headset, there is often concern for security of data and potential data breaches. Network security is of the utmost importance, yet wireless networking is continually recognized as a potential threat. Organizations often worry that others may be able to tap into their calls through a wireless connection, and want to know how this can be prevented.
DECT Headset Security
DECT technology has become the global standard for secure business wireless phone communications and uses 64-bit encryption. The DECT security chain is made up of three main processes, listed below:
The DECT Security Chain
In order for a DECT headset and base station to pair, they first need to validate each other with a matching 4-digit PIN code. An automatic process known as ‘easy pairing’ is used in most DECT headsets, enabling pairing to start without the user having to manually enter a PIN code.
When validation is complete, pairing can initiate. This process is driven by an algorithm only available to DECT manufacturers, called the DECT Standard Authentication Algorithm (DSAA). The algorithm is executed simultaneously in the headset and base using the 4-digit PIN code and a random number stream. The results of the algorithm are exchanged and must match for successful pairing.
The Key to Keeping out DECT Intruders
Another output of the DSAA algorithm is the Master Security Key (also known as the 128-bit UAK). The Master Security Key is used in all subsequent DECT security procedures. It is critical to keep the Master Security Key protected from potential intruders, as it could be used to compromise the security of a DECT communication system.
It is a DECT requirement that the PIN code and Master Security Key are never exchanged ‘over the air’. However, some DECT devices transfer the data used to calculate the Master Security Key wirelessly. This opens up the possibility of an attacker ‘sniffing’ the pairing data. With EPOS DECT products, the Master Security Key is stored on the devices and never transmitted over the air, providing the best in class security against any kind of unauthorized access.
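The pairing flow described above, as an added example that is not EPOS or DECT code: both sides derive a 128-bit master key from the PIN and a random value, then prove possession of it by challenge-response, and the model records what a radio observer would see. HMAC-SHA-256 stands in for DSAA, and the function names, labels and the 'air'/'dock' channel names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, data: bytes, size: int) -> bytes:
    """Stand-in for DSAA (HMAC-SHA-256, truncated); not the real algorithm."""
    return hmac.new(key, data, hashlib.sha256).digest()[:size]


def pair(headset_pin: str, base_pin: str, key_material_channel: str) -> dict:
    """Model one pairing. key_material_channel is 'air' or 'dock' (assumed names)."""
    air = []                          # (label, value) pairs a radio sniffer could record
    rs = secrets.token_bytes(8)       # random input to the master-key derivation
    if key_material_channel == "air":
        air.append(("rs", rs))        # some devices send this wirelessly
    # Each side derives the 128-bit master key locally; PIN and key are never sent.
    uak_headset = prf(headset_pin.encode(), b"uak" + rs, 16)
    uak_base = prf(base_pin.encode(), b"uak" + rs, 16)
    paired = True
    # Mutual check: each side answers a fresh challenge from the other.
    for prover, verifier, name in ((uak_headset, uak_base, "headset"),
                                   (uak_base, uak_headset, "base")):
        challenge = secrets.token_bytes(8)
        response = prf(prover, b"auth" + challenge, 4)
        air.append((name + "_challenge", challenge))
        air.append((name + "_response", response))
        expected = prf(verifier, b"auth" + challenge, 4)
        paired = paired and hmac.compare_digest(response, expected)
    return {"paired": paired, "air": air, "uak": uak_base if paired else None}


def unobserved_inputs(result: dict) -> set:
    """Master-key inputs that a passive radio observer did not see."""
    return {"pin", "rs"} - {label for label, _ in result["air"]}


if __name__ == "__main__":
    for channel in ("air", "dock"):
        r = pair("1234", "1234", channel)      # constructed sample PIN
        # With 'air', only the 4-digit PIN (10,000 values) remains unknown.
        print(channel, r["paired"], sorted(unobserved_inputs(r)))
    print("wrong PIN paired:", pair("1234", "9999", "dock")["paired"])
```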
Bluetooth Headset Security
Bluetooth is a low-power, low-cost technology that facilitates small networks between a wide variety of devices and is commonly integrated within many types of business devices, including wireless headsets. In order to establish a secure wireless connection, the authentication of a Bluetooth headset goes through a number of stages. Bluetooth authentication works by first establishing an authenticated connection with the base by pairing, similar to a DECT device.
Validation and Pairing
A secure connection can only be gained once the pairing process takes place. The headset then turns voice into digital data, encrypts it, and passes only the encrypted data back to the base, making the conversation highly secure.
To improve security (and to minimize the risks of interference from other electrical appliances), pairs of Bluetooth devices constantly shift the frequency they’re using, thousands of times a second.
The Bluetooth encryption function generates 128-bit encrypted data from a 128-bit key and 128-bit plain text data (unlike DECT’s 64-bit encryption). Because the audio is coded and encrypted digitally, this makes it incredibly difficult for somebody to listen in on a call.
Common Attacks on Bluetooth Headsets
This requires an attacker to have the ability to both monitor and alter or inject messages into a communication channel, such as active eavesdropping.
Secretly listening to a private communication without consent, using a sniffing device.
Third-party devices associating the source addresses of the devices that are sending the data with the identity of a user and tracking the user by that address.
How EPOS Combats Vulnerability in the Security Chain
The pairing process of a headset to a base station is the backbone of a wireless communication system’s security and proves to be the key to security in EPOS’s DECT devices. Rather than transferring pairing data ‘over the air’ and opening up the possibility of an attacker ‘sniffing’ the pairing data, the charging terminals are used for data communication. This means that an EPOS DECT headset needs to be physically docked in an EPOS base for the registration and security bindings to be established. This makes it virtually impossible for a third party to intercept the pairing data from a remote location.
Bluetooth headsets do pair over the air, but EPOS minimizes the risk of air attack by deliberately reducing the radio transmission power during the pairing process. This drops the signal to an effective maximum range of approximately 20 cm, which makes interception of the data transmitted during pairing by a sniffer device extremely difficult.
How Do DECT & Bluetooth Headsets Compare?
Bluetooth headsets are great for the multi-device user as they can connect to a user’s mobile phone, computer & tablet. For desk or computer-based phones, a DECT headset is ideal for providing a secure solution and has a far greater range than Bluetooth: approximately 100 meters (the Bluetooth range varies depending on the class of model being used).
DECT supports much higher user densities than Bluetooth. User density is the number of live devices that can operate concurrently in a given area without experiencing radio interference issues and the resulting degradation of audio and link reliability. DECT is recommended for a Contact Centre environment where a lot of headsets are active at one time.
EPOS offers a selection of wireless office headsets that support both the Bluetooth and DECT standards, ideal for markets requiring secure solutions, such as the healthcare, government, financial and legal sectors. EPOS offers premium audio quality and effective noise cancellation to benefit situations where sensitive details must be communicated efficiently, whilst maintaining the safety standards set by Bluetooth and DECT.