Polish prof discovers way to encrypt secret messages into silence on Skype (even if the FBI is listening)

Skype calls use 256-bit advanced encryption by default, but that’s not secure enough for some people. So a prof at the Warsaw University of Technology has created a way to communicate even more privately on Skype — by using silence.

Wojciech Mazurczyk (10 points if you can pronounce that name) has found a way to hide data in the 70-bit packets that Skype sends by default when it’s detecting silence … when you’re not talking. Skype itself does nothing with these packets when it receives them, but Mazurczyk’s team has discovered a way to intercept and decode them anyway, according to New Scientist.

An even higher level of secrecy might seem like overkill for an already-encrypted call, but Skype is owned by Microsoft, and we know that 3-letter American government agencies want the ability to monitor your digital communications on Skype and social networks … and have asked Microsoft, Facebook, and others for backdoors in their communications technologies.

Microsoft does have a patent application in process called “Legal Intercept” that enables recording of “any kind of voice-over-Internet-protocol (VoIP) communications” by re-routing messages over “a path that includes a recording agent.”

It’s unclear at this point whether law enforcement agencies are actually intercepting and listening to Skype conversations, but the Skype privacy policy does seem to allow for it, including the actual “content of instant messaging communications, voicemails, and video messages” in a long list of data that Skype collects on its users.

And this clause basically says that what you do or say on Skype could be disclosed and, I suppose, used against you in a court of law for basically any reason, including the fairly nebulous “protecting Skype’s interests:”

Skype may disclose personal information to respond to legal requirements, exercise our legal rights or defend against legal claims, to protect Skype’s interests, fight against fraud and to enforce our policies or to protect anyone’s rights, property, or safety.

All of which goes to show why security researchers might be tempted to find ways to use probably the most popular VoIP app on the planet without airing their private conversations for anyone in law enforcement to enjoy.

A Microsoft representative I contacted for comment could not speak about this issue immediately (it is, after all, the weekend). A Skype representative, similarly, is conferring with the company’s chief security officer, who is based in the UK, before commenting.

Mazurczyk will be presenting his team’s work and findings at a steganography conference this summer in France.
