Skype Eavesdropping

It is generally assumed that Skype calls cannot be tapped and since the company uses 256 bit encryption Skype calls are twice as secure as many internet credit card transactions. According to this story, Kurt Sauer, Skype’s chief security officer says, there are no "back doors" that could let a government bypass the encryption on a call. At the same time, he said Skype "cooperates fully with all lawful requests from relevant authorities." He would not give particulars on the type of support provided.

So if the government has an IP address of a person on a Skype call and the cooperation of the ISP they are able to record all packets going to that address. They may even be able to do this without proactive ISP cooperation. At this point, since they have Skype’s help, they may be able to unencrypt the call. In theory they could also ask Skype to send duplicate voice packets destined for specific callers to a government agency.

So while many view VoIP as a technology that makes the government’s job more difficult, it may actually make it easier in certain cases. After all, IP makes it easier to record remote call center agent conversations, the same thing can be true of wire tapping.

Since Skype is now owned by eBay I can’t imagine a scenario where they aren’t giving the government the keys to their encryption system. After all CALEA may not apply officially to Skype calls that stay on network but Skype would likely still comply or risk major government problems.

  • Aswath
    February 17, 2006 at 12:19 pm

    You say that Skype could send duplicate packets to the government. I wonder how could it do it? If the end-poins are doing it then the targets will discern the duplication and hence can easily infer that evesdropping is on. An intermediary point can’t do it. Since the intermediary points are also Skype clients, they will discern that evesdropping is on. Additionally, the end-points can observe that the packets are not going directly between peer-to-peer (the destination IP address is not the same as that of the far-end) and hence infer that evesdropping is on.

  • Rich Tehrani
    February 17, 2006 at 2:30 pm

    I was thinking the endpoints would do this and I suppose a sophisticated user would be able to figure out this was happening. Of course they would have to know to look for duplicate packets or run a program that detects this is happening.

  • peter
    August 29, 2008 at 12:27 pm

    We cannot trust in a closed-source software and protocol like skype. I think secret agencies have already made skype become an eavesdropping factory. Now, everyone knows that it’s cheaper to dial your friend’s cell phone using skype than if you dialled by your own cell. So they make people used to VoIP and it’ll be easy for the agencies to wiretap everything.
    Bulid own networks, own encryptions. Do not let the system get you!

Leave Your Comment


Share via
Copy link
Powered by Social Snap