Forgot your password?

Close
typodupeerror
Communications Google Security

Eavesdropping On Google Voice and Skype 62

Posted by Soulskill
from the can-i-hear-you-now dept.
Simmons writes with news of research that demonstrated vulnerabilities in Skype and Google Voice that would have allowed attackers to eavesdrop on calls or place unauthorized calls of their own. "The attacks on Google Voice and Skype use different techniques, but essentially they both work because neither service requires a password to access its voicemail system. For the Skype attack to work, the victim would have to be tricked into visiting a malicious Web site within 30 minutes of being logged into Skype. In the Google Voice attack (PDF), the hacker would first need to know the victim's phone number, but Secure Science has devised a way to figure this out using Google Voice's Short Message Service (SMS). Google patched the bugs that enabled Secure Science's attack last week and has now added a password requirement to its voicemail system, the company said in a statement. ... The Skype flaws have not yet been patched, according to James." Reader EricTheGreen contributes related news that eBay may sell Skype back to its original founders.
This discussion has been archived. No new comments can be posted.

Eavesdropping On Google Voice and Skype More

Eavesdropping On Google Voice and Skype

Comments Filter:

  • Believe it or not (Score:5, Insightful)

    by Landak (798221) <Landak@gmail.com> on Sunday April 12, 2009 @01:14PM (#27549415) Homepage
    Believe it or not, Skype carries the second largest number of international calls in the world, second only to AT&T. With a volume like that, you'd imagine that any potential vulnerability may well find someone interested in applying it, very quickly. Like, for instance, the NSA...

  • Unsurprising (Score:5, Insightful)

    by Alcoholist (160427) on Sunday April 12, 2009 @01:20PM (#27549459) Homepage

    Anyone expecting privacy on these systems is a fool. It's not like either of these companies is regulated in any way, to say nothing of the fact they provide their services over the Internet which you only have read /. for a day to know is not secure.

  • Re:Not nearly as interesting as you'd expect (Score:3, Insightful)

    by Jurily (900488) <jurily@NoSpAM.gmail.com> on Sunday April 12, 2009 @01:23PM (#27549471)

    It's simply not cost effective to listen in on every call.

    It's most likely not every call. Just by those on the List.

  • Re:Unsurprising (Score:2, Insightful)

    by Anonymous Coward on Sunday April 12, 2009 @01:44PM (#27549561)

    Anyone expecting privacy on these systems is a fool.

    Maybe, but not for the reasons you give. You just have to look at AT&T to realize that regulation doesn't give you privacy. And providing a service over the Internet doesn't automatically makes it not secure. Security is a layer that you add if you want it, see SSL for an example.

  • Re:Believe it or not (Score:5, Insightful)

    by Wowsers (1151731) on Sunday April 12, 2009 @01:44PM (#27549563) Journal

    Luckily* for Linux and Skype users, Skype hasn't been updated in about 2 years, and definitely no 64 bit version. So the vulnerability will be there for who knows how long until Skype (or is it eBay) gets their finger out of their backside and gives Linux/Skype users a better deal.

    * Being sarcastic

  • Re:Unsurprising (Score:2, Insightful)

    by Anonymous Coward on Sunday April 12, 2009 @02:24PM (#27549741)

    In a used book store, perhaps 8 years ago, I held a conversation with the gentleman next to me for 5 minutes. Then he walked away and kept talking on his phone.

    People who talk on cell phones while being checked out are rude. The cashier is a person and deserves the currtacy of your attention over anyone on a phone conversation.

    Using a cell phone in public is rude.

    Texting/emailing while anyone is talking to you is rude unless they are dictating the contents of the message.

    I'm guilty of talking and emailing when I should be carefully listening to another person.

  • Cloud apps improve security (Score:5, Insightful)

    by Alascom (95042) on Sunday April 12, 2009 @03:02PM (#27549963)

    Once again, we see that cloud apps like Google's Grandcentral have a real benefit to security, despite the sensationalist scare mongering.

    When a bug in a cloud based application is identified, it can be patched quickly, in a single location, and the bug disappears. The same cannot be said of locally installed apps (exchange servers, etc) that take years for companies and administrators to eventually get the patches installed.

  • Re:Unsurprising (Score:4, Insightful)

    by mattwarden (699984) on Sunday April 12, 2009 @03:42PM (#27550139) Homepage

    > Anyone expecting privacy on these systems is a fool. It's not like either of
    > these companies is regulated in any way

    Amen. As we know, telephone companies that area regulated would never compromise their users' privacy.

    Oops! [slashdot.org]

  • Re:Skype back to the founders? (Score:4, Insightful)

    by Bert64 (520050) <bert@@@slashdot...firenzee...com> on Sunday April 12, 2009 @05:37PM (#27550821) Homepage

    Google talk interoperates with other services using XMPP - a published standard... I can talk to google users without having to use their service. People can *choose* to use google's servers and accept the inherent risks, or they can choose not to and still communicate with the same people. I choose not to use their service, but i talk to a few google talk users.

    Skype doesn't interoperate with anything, you have to use their service and their client. Once you have sufficient users locked in to the service, using a competitor becomes pointless because everyone you want to talk to is only contactable using skype, at which point they can screw up however they want.

Since we're all here, we must not be all there. -- Bob "Mountain" Beck

Close