Related Links

Top 5 Stories


Skype - not as secure as you might think

15 April 2009

Although VOIP afficionadoes are wont to promote the encrypted nature of Skype Internet telephony calls, it's now becoming accepted that the use of a compressed data mode within Skype opens the gates to pattern recognition and slow, but steady, text-based decoding of the voice transmissions as a result.

But now it seems the Skype client software may also be flawed, as the experts over at Secure Science have revealed the system can be used as an advanced phishing platform.

In a process known as `SkypeSkrayping', Secure Science says that users are being contacted - ostensibly by Skype HQ - via instant messaging, and offered a free $25.00 credit if they visit a site.

Of course, the site is a frame or image-infected one and - quelle surprise - the Skype user ends up being infected in response to the link in the instant message.

The bad news is that, once infected, it seems the fraudsters can gain remote access to the users' Skype account and add extra facilities which can then used by the remote user or, perhaps worse, used to phish for other victims and so tarnish the phished users' reputation.

Interestingly, Secure Science says that the phisher can also gain access to the phishee's outbound telephony calling facility.

This could be used, Infosecurity notes, to make free (to the fraudster) international phone calls via so-called spoof Caller ID services, which are normally charged a premium, and perform other scams as a result.

The good news is that Skype says it is aware of this client software flaw and is working on an update.






This article is featured in:
Data Loss  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×