Polish Researchers have discovered a clever way to send secret messages during a phone call on Skype. We know that, by default skype calls use 256-bit advanced encryption, but researchers find that is not enough. So they find out this new way to communicate messages more secretly by using silence.
Mazurczyk, Maciej Karaś and Krzysztof Szczypiorski analysed Skype data traffic during calls and discovered that there is a way in Skype silence, where rather than sending no data between spoken words, Skype sends 70-bit-long data packets instead of the 130-bit ones that carry speech.
So by taking advantage of this they hijacks these silence packets and then inject encrypted message data into some of them. The Skype receiver on other end will always simply ignores the secret-message data, but it can be decoded back to receive that secret message.
Team decide to present this at Steganography conference by creating a POC tool called SkypeHide that will be able to hijacks some of the silence packets and then injecting the encrypted hidden messages i.e text, audio or video , that can be transmitted at a rate of almost 1 kilobit per second.
We wish them Good Luck for their huge success and Conference Talk !
Original post at –thehackernews
Thanks for reading. hope it might helped you.
Skype, the internet communications platform, is being used by hackers to distribute a “worm” that infects Windows PCs.
When users click on an instant message saying “lol is this your new profile pic?” they unwittingly download a file containing a Trojan horse malware file.
This opens a backdoor allowing hackers to hijack infected PCs and recruit them into a “botnet army”.
Users can be locked out of their machines and held to ransom.
According to internet security specialist Sophos, the worm is a variant of the well-known “Dorkbot” worm which has been spread by social media platforms such as Facebook and Twitter.
When the worm infects a computer it sends out the “lol” message to the user’s contact list.
Unsuspecting recipients think the message has originated from someone they know and click on the link, thereby downloading the malware payload.
Skype said in a statement: “Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact.
“We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer.
“Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”
Botnets are often used to mount distributed denial of service (DDoS) attacks – forcing websites offline – to run spyware or to send out spam emails.
Publicity about the threat has made many users wary of clicking on strange-looking links posted via social networks, which may have prompted the perpetrators of this latest attack to switch tactics.
“The danger is, of course, that Skype users may be less in the habit of being suspicious about links sent to them than, say, Facebook users,” said Sophos’s senior technology consultant Graham Cluley.