Swiss look to Trojan code for VoIP tapping

The Swiss are investigating the possibility of tapping VoIP calls, by having ISPs installing Trojan code for them

Matt Whipp
10 Oct 2006

Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.

VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.

This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force - not easy during a three-minute phone call. What's more, many VoIP services are not based in Switzerland, so the authorities don't have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.

The only alternative is to find a means of listening in at a point before the data is encrypted.

According to the Swiss paper SonntagsZeitung, the Swiss Department of the Environment, Transport, Energy and Communications (UVEK) has hired software company ERA IT solutions to design an application to do just this.

In order to install the application on the target computer, the Swiss authorities envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.

The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.

The company claims that the software is able to skirt round any firewalls and evade detection by any antivirus applications already installed on the target machine.

However, Finnish security company F-Secure says it will add detection for the software should it ever be found in public, and takes a dim view of the project: 'We will not leave such backdoors to our F-Secure Anti-Virus products, regardless of the source of such tools. We have to draw a line with every sample we get regarding whether to detect it or not. This decision-making is influenced only by technical factors, and nothing else, but within the applicable laws and regulations, in our case meaning EU laws.'

The developers say progress on the project is being kept under wraps because of the bad publicity surrounding the use of Trojan code, which is one of the more common weapons in the hacker arsenal.

Furthermore, it is not yet established quite how legal such a sinister technique is, even if used with judicial permission. Federal law governing the use of wiretaps in post and communications does not take into account VoIP services.

Read more about: