Switzerland considers VoIP-tapping tech

The Swiss Department of Environment, Transport, Energy and Communications (UVEK) is investigating potential technologies that could be used to tap internet telephony calls.

A small Swiss security firm called ERA IT has been named as the firm developing what is effectively a Trojan that could be used to listen into VoIP communications. The software would likely be used by authorities as an extension of existing wiretapping technologies for email and telephone communications.

The problem with VoIP communications is that they may be encrypted, routed via foreign servers or even peer to peer connections, making ‘listening in’ a difficult and complex procedure.

ERA IT’s “Superintendent Trojan” is a client side application that captures the conversation before and after decryption by listening in to the computer’s microphone and speakers.

Superintendent apparently records the entire conversation then breaks it up into small packets and sends it out over the internet to the authorities.

Two methods of installing the software have so far been presented. One is to install it locally on the machine, although this would require physical access to the device. The other is to have the subject’s internet service provider install it remotely.

This second method raises some technical questions. Finnish security firm F-Secure remarked that quite how this technique would be carried out is “unknown to us”.

Nevertheless, F-Secure said it would most likely add detection for this software if it was ever discovered in the wild. The company takes a hard line on government developed spying programs.

The emergence of the project has also raised concerns over the legality of such a technology. It is thought that installation of Superintendent could only be performed under instruction from a judge, but it is understood that federal law governing the usage of wiretaps does not cover VoIP communications.

A spokeswoman at the Federal Office of Communications said that the regulatory body “should be involved in this investigation,” but told that it was “instead being handled by a special services unit within the UVEK”.

Calls to the Department of Communications were not returned at the time of publication.


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.