Wiretapping Skype calls: virus eavesdrops on VoIP

Sep 02, 2009 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- Some computer viruses have a crude but scary ability to spy on people by logging every keystroke they type. Now hackers and potentially law enforcement have another weapon: a virus that can eavesdrop on voice conversations that go over computers instead of a regular phone line.

The capability has been shown in a new "Trojan horse" virus that records Voice over Internet Protocol (VoIP) calls through the popular service. Skype calls are free or low cost and can work between two computers or between one computer and a phone.

There were 480 million Skype users worldwide at the end of June, but it's unlikely many would be hit by the new virus. It's better suited for targeted rather than mass infections because criminals would have to sift through an unfathomable amount of audio recordings generated by the virus.

Law enforcement in the U.S. would presumably need a court order to surveil someone's Skype calls, but the barriers to deploying the virus might be lower for intelligence agencies and authorities in other countries.

The virus, which security firm Symantec Corp. calls the first "wiretap Trojan," doesn't target a particular vulnerability in Skype. Instead, it hooks into parts of the Windows operating system that handle audio processing. Then it intercepts all audio data coming from Skype before it's encrypted by the software, according to Symantec's analysis.

The audio gets saved as MP3 files and can be sent to computers controlled by the criminals.

"It's more interesting than dangerous," said Kevin Haley, director of Symantec Security Response. "It's an espionage tool. That's its clear purpose. It's not practical for any type of broad-based attacks."

The virus was designed and released by Ruben Unteregger, a Swiss programmer who said he started researching on his own before turning it into a project for his employer, ERA IT Solutions.

In 2006 the software company was reported by the Swiss newspaper SonntagsZeitung to have been working on a VoIP-cracking virus for the Swiss government, an account Unteregger said he couldn't confirm because of a nondisclosure agreement he signed for the project.

ERA IT Solutions says it never had an order from a government agency to develop the program, and that it stopped working on it when Unteregger left the company last year.

"This is Ruben's affair only," said company representative Riccardo Gubser.

Unteregger said in an e-mail interview with the AP that his goal in releasing the virus' programming code was to make people aware that "we are now becoming a surveillance society" and that "police Trojans are reality and questionable."

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Fitbit to Schumer: We don't sell personal data

add to favorites email to friend print save as pdf

Related Stories

Skype user reports protocol hack

Jul 17, 2006

A Chinese company says it has reverse-engineered the Skype protocol, allowing it to place calls over Skype's Voice over Internet Protocol network.

Skype comes to iPhones on Tuesday

Mar 30, 2009

Skype has confirmed that a free software application enabling iPhone owners to use its Internet telephone service will be available in Apple's online App Store beginning Tuesday.

Motorola and Skype announce certified Bluetooth headset

Nov 22, 2005

Motorola, Inc. and Skype today announced the first Skype-certified Bluetooth headset solution in America, the Motorola Wireless Internet Calling Kit. The Motorola Wireless Internet Calling Kit enables Skype ...

Recommended for you

Fitbit to Schumer: We don't sell personal data

6 hours ago

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

11 hours ago

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

12 hours ago

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

12 hours ago

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

Aug 21, 2014

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

Music site SoundCloud to start paying artists

Aug 21, 2014

SoundCloud said Thursday that it will start paying artists and record companies whose music is played on the popular streaming site, a move that will bring it in line with competitors such as YouTube and Spotify.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

fixer
not rated yet Sep 02, 2009
This should bankrupt Skype overnight.
Many of these skype calls are medical in nature and are priviliged info.
RayCherry
not rated yet Sep 03, 2009
Skype joins all the other phone and communications providers who are unable to ensure privacy for any client.