Following the news that the instant messaging application, SKYPE, has been affected by a vulnerability called SPYKE. SPYKE is an attack that affects any SKYPE installation as long as the attacker has local access to the login screen of a running SKYPE instance. The vulnerability primarily affects Windows OS clients but users of other OS’s might be vulnerable. IT security experts from Comparitech, ESET, AlienVault and AlertLogic commented below.
Lee Munson, Security Researcher at Comparitech:
“The ‘SPYKE’ attack is only effective in limited circumstances so most people should not be overly concerned about it.
The fact that an attacker needs local access to a machine should ensure that all but the most unfortunate of home users should have absolutely nothing to worry about, though they should always keep all their software up to date at all times.
Additionally, in this age of laptops and smartphones, only a tiny minority of people are likely to be using public machines so the potential size of the attack is tiny.
That said, anyone who is successfully duped could be in real trouble, especially in term of identity theft following the acquisition of their login credentials.
Therefore, it is essential that organisations offering Skype terminals in public places immediately update the clients to remove the Facebook login feature.
Those few people who need to use such services should think twice before doing so. If unavoidable, they should ensure that they login directly and not through Facebook. Furthermore, it is always good practice to use different login credentials for every online account – such an approach would certainly mitigate the risk of a widespread attack in this case.
Additionally, users should always be aware of the information they share with any company, not only Skype. Do they need to enter their correct names, dates of birth, postal addresses, etc., for every account or can they be a bit more liberal with the truth as a means of minimising the amount of personal information they share online?”
Mark James, IT Security Specialist at ESET:
“Any attack that can potentially steal your login credentials is bad. When you’re presented with a login page within the application the chances of a successful phish are extremely high. When this fake page is shown, a level of trust has already been gained so putting your credentials in could seem like a normal thing to do. Once you have entered your details they almost certainly will be used elsewhere and distribution of spam or malware from your Skype account could lead from this attack.
Ensuring you’re on the latest version of Skype will protect you from this attack, specifically versions older than SKYPE Client 7.31.0.104 should update immediately. Keeping all your software up-to-date is the best way to keep safe. It’s something you hear all too often, update this, update that, but the bad guys never sleep, there is always someone looking for the next vulnerability and or exploit. Having a good regularly updating internet security product and the latest operating system will all help in your multi layered security approach.”
Javvad Malik, Security Advocate at AlienVault:
“Overall it’s not such a serious attack as it requires an attacker to have local machine access.
It’s a type of attack that is prevalent against public-facing machines such as kiosks. Organisations should always take care in hardening public-facing machines to minimise the risk of tampering and gaining access to back end systems. They should also deploy additional monitoring controls to detect any active threats against such endpoints.
Users should update their Skype installations as soon as possible as part of their patch cycle to close off this vulnerability.”
Oliver Pinson-Roxburgh, Director of EMEA at Alert Logic:
“In the scenario where you are restricted by the tools on the system as an attacker, this attack is massive. If all the attacker has access to is Skype, this exposes the system to pretty much any website so it’s a massive oversight. From this, cybercriminals could gain access to malicious tools. If the attacker has access to a restricted terminal they can use this flaw to extend access by browsing to exploit kits or download tools. In addition, you could steal local credentials through phishing using this to trick the user. The other key thing is that a lot of this would look like just normal skype activity. As damage control for such attacks, I would use a proxy for local connections and limit access to areas within Facebook as a start. Training users is critical to limiting bad decisions and I would also be monitoring for malicious activity on the network, focusing on exposed systems. I would also recommend updating as soon as possible.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.