NAME: KANAKA V. NAIDU
ROLL NO. : 1511096
BATCH : B2
CSS- Assignment 1
Summarize various threats, vulnerabilities, and controls present in Skype
This report describes the vulnerabilities present in Skype and the threats that Skype can fall victim to. The information was obtained by researching the analysis already done by many experts. The report shows possible attack schemes and how Skype is vulnerable to them.
Skype says that it provides a secure method of communication. Thousands of people use Skype because they truly believe that it is safe. But there are some security risks and vulnerabilities present in Skype. These are explained in brief below, so as to make people more aware of the software they use so often.
Skype is “port agile”: if a firewall port is blocked, Skype looks for other open ports that it can use to establish a connection.
Skype could provide a backdoor entry into secure networks for Trojans, worms, and viruses.
It could also provide a channel for corporate data to be freely shared between users without any of the usual security considerations.
One of the most serious pieces of malware to affect this platform is known as “Dorkbot”, a worm that was found to have migrated from Twitter and Facebook. It tempts users to click on links in messages by asking questions such as “lol is this your new profile pic?”, prompting Skype users to unknowingly install the worm on their computers.
The infected machine is connected to a botnet, after which users are locked out of their computers, and their data, possibly encrypted, remains inaccessible until a demand of $200 is paid within 24 hours.
Upgrading to the latest release of Skype will avoid infection by this version of Dorkbot.
A Fake App for Android
Android users were warned about a fake Skype app in July 2012, named “Trojan:Java/SMSFakeSky.A” by Microsoft.
The app only runs on older Android devices that allow ‘Java MIDlets’ to be run on them.
The malware is advertised on fake websites using Russian ‘.ru’ extensions and is hosted on ‘.ne’ domains. It installs itself onto the device and then sends expensive SMS messages to earn money for the developers.
Cross Platform Skype Malware
A new Trojan was discovered that targeted both Windows and Mac users and affected OS X 10.6 Snow Leopard and OS X 10.7 Lion machines.
Known as OSX/Crisis, the malware uses Java, and other means to gain access to a computer, and then spy on the user by monitoring Firefox, Microsoft Messenger, Safari, and Skype.
The malware operator can record Skype audio traffic and intercept any files that are sent over the network. The code can capture any text entered with the keyboard, access and control webcams, and detect your location, device information and address book. The malware also includes a keylogger.
A vulnerability discovered in September 2017 showed that Skype could be exploited with a DLL attack, which tricks Skype into using malicious code instead of Microsoft’s original code.
In June 2017, a flaw in Skype’s messaging service was discovered that could allow hackers to crash your system and execute malicious code on it.
Skype uses ‘Electron’, a common open-source framework for building applications. Electron was later found to have a critical vulnerability, which made Skype vulnerable too.
These security flaws allowed attackers to gain system-level privileges, which meant that attackers could have complete control of the affected system and carry out any kind of malicious activity, such as deleting files, stealing sensitive information, or holding data hostage by running ransomware.
A stack buffer overflow vulnerability was reported and documented as ‘CVE-2017-9948’.
The flaw is considered a high security risk, with a Common Vulnerability Scoring System (CVSS) score of 7.2.
According to Vulnerability Lab researchers, this flaw can have a serious impact on both remote and local Skype users.
Cyber attackers can easily crash Skype by placing a request to overwrite the active process.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious activity. Such signs may indicate attack attempts or activity that results from successful attacks.
Don’t use or execute files from unknown sources.
People should be cautious about installing and running applications from sources that are untrusted.
People should be careful about clicking or opening links that look suspicious.
Filtering HTML from emails can help eliminate a possible vector for transmitting malicious links to users.
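The “port agile” behaviour and the NIDS control described above can be combined into one monitoring rule: alert when a host is allowed out to a peer on a new port shortly after being denied to that same peer on other ports. The following is an added example, not part of the original report; the log format, the 30-second window, and all addresses and ports are constructed assumptions.

```python
"""Flag hosts that reach a peer on a new port shortly after a firewall deny."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log: timestamp, action, source, destination, dest port.
SAMPLE_LOG = """\
2024-01-10T09:00:01 DENY 10.0.0.15 203.0.113.7 40001
2024-01-10T09:00:03 DENY 10.0.0.15 203.0.113.7 40002
2024-01-10T09:00:05 ALLOW 10.0.0.15 203.0.113.7 443
2024-01-10T09:00:09 ALLOW 10.0.0.22 198.51.100.4 443
2024-01-10T09:05:00 DENY 10.0.0.30 203.0.113.9 25
2024-01-10T09:45:00 ALLOW 10.0.0.30 203.0.113.9 443
malformed line that the parser must skip
"""

WINDOW = timedelta(seconds=30)  # assumed threshold; tune per network


def parse(line):
    """Return (time, action, src, dst, port) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("ALLOW", "DENY"):
        return None
    try:
        return (datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3], int(parts[4]))
    except ValueError:
        return None


def find_port_fallback(log_text, window=WINDOW):
    """Return alerts where an ALLOW follows recent DENYs to the same peer on other ports."""
    denied = defaultdict(list)  # (src, dst) -> [(time, port), ...]; log assumed chronological
    alerts = []
    for rec in filter(None, map(parse, log_text.splitlines())):
        ts, action, src, dst, port = rec
        key = (src, dst)
        if action == "DENY":
            denied[key].append((ts, port))
            continue
        recent = sorted({p for t, p in denied[key] if timedelta(0) <= ts - t <= window and p != port})
        if recent:
            alerts.append({"src": src, "dst": dst, "blocked_ports": recent, "fallback_port": port})
    return alerts


if __name__ == "__main__":
    for alert in find_port_fallback(SAMPLE_LOG):
        print(alert)
```

On the constructed log only 10.0.0.15 is flagged; the host whose allowed connection comes 40 minutes after its deny falls outside the window and is ignored.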