Slashdot Mirror


Eavesdropping On Google Voice and Skype

Simmons writes with news of research that demonstrated vulnerabilities in Skype and Google Voice that would have allowed attackers to eavesdrop on calls or place unauthorized calls of their own. "The attacks on Google Voice and Skype use different techniques, but essentially they both work because neither service requires a password to access its voicemail system. For the Skype attack to work, the victim would have to be tricked into visiting a malicious Web site within 30 minutes of being logged into Skype. In the Google Voice attack (PDF), the hacker would first need to know the victim's phone number, but Secure Science has devised a way to figure this out using Google Voice's Short Message Service (SMS). Google patched the bugs that enabled Secure Science's attack last week and has now added a password requirement to its voicemail system, the company said in a statement. ... The Skype flaws have not yet been patched, according to James." Reader EricTheGreen contributes related news that eBay may sell Skype back to its original founders.

4 of 62 comments (clear)

  1. Believe it or not by Landak · · Score: 5, Insightful

    Believe it or not, Skype carries the second largest number of international calls in the world, second only to AT&T. With a volume like that, you'd imagine that any potential vulnerability may well find someone interested in applying it, very quickly. Like, for instance, the NSA...

    --
    My UID is prime. Is yours?
    1. Re:Believe it or not by Wowsers · · Score: 4, Insightful

      Luckily* for Linux and Skype users, Skype hasn't been updated in about 2 years, and definitely no 64 bit version. So the vulnerability will be there for who knows how long until Skype (or is it eBay) gets their finger out of their backside and gives Linux/Skype users a better deal.

      * Being sarcastic

      --
      Take Nobody's Word For It.
  2. Unsurprising by Alcoholist · · Score: 4, Insightful

    Anyone expecting privacy on these systems is a fool. It's not like either of these companies is regulated in any way, to say nothing of the fact they provide their services over the Internet which you only have read /. for a day to know is not secure.

    --
    Bibo Ergo Sum.
  3. Cloud apps improve security by Alascom · · Score: 5, Insightful

    Once again, we see that cloud apps like Google's Grandcentral have a real benefit to security, despite the sensationalist scare mongering.

    When a bug in a cloud based application is identified, it can be patched quickly, in a single location, and the bug disappears. The same cannot be said of locally installed apps (exchange servers, etc) that take years for companies and administrators to eventually get the patches installed.