in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Skype Encrypts Your Calls, Trojan Gets Around It

I'm a Skype user.  While I'm not too crazy about the call quality, it's the cheapest way to make calls to the US while I'm drinking a cup of coffee at an overseas coffee shop that offers free wi-fi (the call itself is also free if the other guy uses Skype on his computer as well).  One of the things that I don't really think about it, but I'm sure I should appreciate, is the fact that all calls made via Skype make use of encryption.

Why do I know this?  I covered a story nearly two years ago how the German government could not crack Skype's encryption and had to find a way around it if they wanted to do some wiretapping.

Now, there's news that a new Trojan is making the rounds that gets around this "problem."  The new malware, Trojan.Peskyspy, gets around the issue of encryption by recording Skype calls.

You see, any method of secure communication features a weak link.  In the case of Skype, it's the fact that you cannot listen to your friend on Skype unless the encrypted call is decrypted at some point.  The Trojan essentially records this decrypted audio and saves it as an MP3 file on your computer and is later sent to whoever controls the infected machine.

Since encryption has proven to be too hard to break, the smart ones have decided to find some other way to eavesdrop.

The only problem, as pointed out by Symantec, is the fact that any criminals wanting to use information gleaned via this method have to spend time listening to thousands of MP3 files.

Or is it a problem?  I know of speech recognition software, like Dragon Naturally Speaking, that does a great job of transcribing audio (I use DNS myself).  I can already see a scenario where MP3s are sent to the malware creators; the audio is transcribed via speech recognition software; and a script is run to concentrate on number patterns that seem to match credit cards and SSNs.  The entire thing could be automated.

Sure, the signal-to-noise ratio may be pretty high (this method may not be as efficient as hacking into a bank's database), but seeing how a lot of people put their guard down while on the phone, it may be worth the effort.  You know, like panning for gold is not exactly a better way to become rich than a 9-to5 job, but when you strike it big...


Related Articles and Sites:
http://www.pcauthority.com.au/News/154401,skype-trojan-can-log-voip-conversations.aspx

 
<Previous Next>

Data Encryption Software: Tapes With Sensitive Data Falls Off Truck, Rammed Into Oblivion

Laptop Encryption Software: NHS Birmingham Issuing Security Alert

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.