Cordless Fun

by Noam Chomski (NYMPHO)  (New York Metropolitan Phreak Hack Organization)

Did you know that you can legally monitor people on their cordless phones?  "Whoopee!" you say?  Well, I think it's stupendous!  More and more people are getting cordless and even I, an incredibly likely target for cordless scanning, let juicy bits of info flow over my cordless (albeit none incriminating).

Yes, even though cellular is a no-no, you are currently legally allowed to drive around in your car and tape people's cordless conversations.  Or you can do it on foot.  Receivers that pick up 46-50 MHz go for around $100.  I suggest ignoring RatShack and heading down to your local ham club or ham store - ham stores are great because they are almost like junkyards.  Not only can you get a bargain, you might be able to find an old receiver that picks up the now banned 800 MHz frequencies.

Even though I've owned my receiver for less than a week, I already can categorize most conversations:

  1. Mothers talking about their children.
  2. Fathers talking about handyman work, computers or corporations/stock market.
  3. People talking in Spanish, Greek, Korean, etc.
  4. Girls talking about sex with other girls.
  5. Boyfriend/girlfriend conversations.

However, I'm sure everyone can find very interesting uses, especially since you can drive up to someone's house and "discover" whether or not they have cordless.  (A scan of a local hacker yielded his father talking about dBase with another guy, yips.  Also, we picked up a guy talking about his BBSes doors and (yahoo!) chess match screensavers.)  I'm sure your local congressman or equities trader has things to say that you'd like to get on a TDK tape.  Or whatever.

AT&T is obviously one of the most popular brands of cordless phones in the States, and I have the specs for two of their models, an older one (5300) and the newer one (5515):

Channel     Base-to-Handset (MHz)   Handset-to-Base (MHz)
1*          46.61                   49.670
2           46.63                   49.845
3           46.67                   49.860
4*          46.71                   49.770
5           46.73                   49.875
6           46.77                   49.830
7           46.83                   49.890
8*          46.87                   49.930
9           46.93                   49.990
10          46.97                   49.970

* = AT&T 5300 Only

The AT&T 5515 has ten channels, while the 5300 has only three, which are the ones starred (*) above (Channels 1, 4, and 8 on the 5515 are 1, 2, and 3 respectively on the 5300).

There are two frequencies for each possible channel that a conversation can be on, the Base-to-Handset side and the Handset-to-Base side.

The Base-to-Handset side is the one to "scan" with because:

  • It has the local and the remote caller, thus you hear a two-way conversation.
  • Since the base unit is plugged in (120 volts), its signal is stronger than the handset's, and you can pick it up farther away then with the handset side.

The Handset-to-Base side also has its advantages:

  • As you can hear only the handset signal, you can discern the local speaker from the remote speaker.
  • As the Handset-to-Base signal has a shorter radius than the Base-to-Handset, you can "home in" on where the speaker is, useful when you are scanning in a well-populated area.

You might even be able to get these frequencies with an old worldband radio or a walkie-talkie used at work.  The best would probably be to get a portable scanner to plug into your car's cigarette lighter, and hook up a very good antenna to your car's front.  However, it can be done without a car just as easily, with a scanner in one pocket, a tape recorder in the other, and a pair of headphones over your ears.

I'd keep all of this a secret, but as Barney says, "Caring means sharing!"
Return to $2600 Index