The short answer: if it's a digital phone, even being able to lock on to the spread-spectrum hopping pattern with an analogue scanner won't give you anything more intelligible than something akin to modem noise. Basically, if you don't have the same hardware used to digitally encode the speech, you won't be able to decode it.

The longer answer: having said that, all spread-spectrum cordless phones widely (note the use of that word) on sale today can be listened in to by LEOs with the appropriate equipment. Chances are that your coworkers don't have the equipment necessary to do so - though if you work for a company involved in telecommunications or wireless networking hardware development, your hardware engineers may.

Most of the cordless phones out there that claim to offer digitally-encrypted connections between the base and handset don't. These phones are easy to spot: somewhere in the specs or ad bumpf for them there's usually a claim made to the effect of, 'this phone has n-thousand or n-million digital encryption combinations'. What this really tends to mean is that the voice audio is digitally encoded, and that there are x number of possible codes (aka 'combinations') used to identify which handset belongs to which base. If a base can't recognise a handset as belonging to it, it doesn't let the handset connect to it.

Just because it's digitally-encoded and I can't listen to it with an analogue scanner, though, only means that I don't have the right equipment to be able to listen to it, not that it's actually encrypted. Following the copywriters' logic, I could expand it out to mean that anything I didn't want anyone here to understand could simply be written in French - which is great until someone gets ahold of a French-English dictionary.

So yeah, your coworkers probably won't be able to listen in on your calls, but your traffic will only be digitally-encoded in any meaningful way if you spend a lot of money to get it that way.

Please don't ask me about VoIP security. I know relatively little about it, and think VoIP is a good idea that doesn't work worth half a damn yet.

I assume that the "encryption combinations" are similar to the codes used by some 2-way radios, which they call "privacy codes." It's all a load of bunk though, and I liken it to the use of a destination MAC address on a dumb Ethernet hub. Anyone who feels like listening in promiscuous mode (or in this case ignoring the security code) can hear everything.

Since the receiver of the cordless phone is capable of decoding DSS I suppose the hardware must not be expensive. I wonder how hard it is to build a scanner that decodes same.

So there are no cordless phones out there which stand above the rest in terms of privacy?

OK, I won't ask about VoIP but I remember running across an opensource tool about a year ago which will decode SIP (and maybe other protocols?) and put the stuff into wav files. There is commercial software to do the same. Interestingly, the commercial software I demo-ed did not (yet?) know how to decode skype calls.

Maybe a SIP hardware phone is the answer. That way I can run it over my own wireless LAN which I at least have some control over. Unfortunately that means setting up Asterisk to actually route the call out over my land line.

J