Swiss look to Trojan code for VoIP tapping
By Matt Whipp
Posted on 10 Oct 2006 at 13:08
Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.
VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.
This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force - not easy during a three-minute phone call. What's more, many VoIP services are not based in Switzerland, so the authorities don't have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.
The only alternative is to find a means of listening in at a point before the data is encrypted.
According to the Swiss paper SonntagsZeitung, the Swiss Department of the Environment, Transport, Energy and Communications (UVEK) has hired software company ERA IT solutions to design an application to do just this.
In order to install the application on the target computer, the Swiss authorities envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.
The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.
The company claims that the software is able to skirt round any firewalls and evade detection by any antivirus applications already installed on the target machine.
However, Finnish security company F-Secure says it will add detection for the software should it ever be found in public, and takes a dim view of the project: 'We will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.'
The developers say progress on the project is being kept under wraps because of the bad publicity surrounding the use of Trojan code, which is one of the more common weapons in the hacker arsenal.
Furthermore, it is not yet established quite how legal such a sinister technique is, even if used with judicial permission. Federal law governing the use of wiretaps in post and communications does not take into account VoIP services.
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- Start8 and ModernMix: making Windows 8 work on a desktop
- How to boost your mobile reception
- How to fix Facebook: Social Fixer
- Taking the stress out of WordPress updates
- Where to download free web fonts
- Turn your tablet into a Sky+ remote control
- How to measure the success of a new IT system
- Three years on: the state of the tablet market
- Windows 8: what works and what doesn't
- Yes, I write down my passwords