Fire Alarms Systems

For many years, several governments have complained that Skype communications are encrypted, and demanded back doors. United States, the FBI has been pushing for such backdoors. There have been few reports of applications that allow Skype tapped, despite his alleged encryption, but not much in the way of details. Now the famous Chaos Computer Club (CCC) is saying that reverse engineering "lawful interception" Trojan horse used by the German police.

the program after a lawyer whose client was under investigation gave the CCC his client's hard drive, where the group is the code. As often happens with such things, the CCC found that in fact the Trojan introduced the myriad of security issues as well:



The analysis concludes that the developers do the Trojans, even tried to implement technical measures to ensure that the malware can be used exclusively for Internet telephony wiretapping, as established by the Constitutional Court. However, the design includes features to add more components in a clandestine manner on the network from the beginning, which is a bridgehead for further infiltrate the team.



"This refutes the claim that an effective separation of the mobile Internet by typing and a Trojan horse full feasible - or even wanted," he CCC said the speaker. "Our analysis revealed again that the security forces are exceeded its authority if it is carefully observed in this case features a clear intention to violate the law is made in this malware, too. They designed to load and run arbitrary code on the target system. "

Malware

Government may, without the supervision of a judge, the extensions of the charge by remote control, to use the Trojan to other functions, including but not limited to listening to. This control over the infected computer - because of poor craftsmanship that went into this Trojan horse - is open not only to the organization that put it there, but everyone. It could even be used to charge falsified "evidence" against the owner of the PC, or delete files, putting the whole purpose of this method of investigation.



[....]
The analysis also revealed serious security flaws that the Trojan is broken into infected systems. The screenshots and audio files are encrypted sending incompetent, the software commands to control the Trojan is still completely clear. Neither controls Trojan responses are authenticated and protect their integrity. Not only can unauthorized third parties to take on the infected system, but even mediocre skill level attackers may be connected to the authorities, is designed as a specific instance of the Trojan horse, and charged with false data. It is even conceivable that the police infrastructure might be attacked by this channel. The CCC has not performed a penetration test on the server infrastructure of Troy.