Saturday, July 26, 2008

Skype backdoor

I knew it was too good to be true! As a for-profit company, Skype/eBay eventually had to cave in to spook pressure and allow for eavesdropping. In fact, the back door might have been in from the beginning.

Heise online: According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations.

This has been confirmed to heise online by a number of the parties present at the meeting. Skype declined to give a detailed response to specific enquiries from heise online as to whether Skype contains a back door and whether specific clients allowing access to a system or a specific key for decrypting data streams exist. The response from the eBay subsidiary's press spokesman was brief, "Skype does not comment on media speculation. Skype has no further comment at this time." There have been rumours of the existence of a special listening device which Skype is reported to offer for sale to interested states.

Here's what I wrote back in 2005:

...I just learned that Skype connections are encrypted using 256-bit AES, negotiated using 1024-bit RSA. This level of encryption is essentially unbreakable with current computing power. The Feds (with the possible exception of the NSA, and they would have to work very hard to break even a single session) have no chance of eavesdropping on any Skype conversation.

It is true that Skype is closed-source, so it isn't easy to verify that the crypto implementation doesn't have any holes or backdoors. However, given the number of users and the negative consequences for the company of any privacy issues, I suspect that it works as advertised.

Well, although you are probably safe from your neighbors or local network admin, the Feds apparently don't have any problems listening in on your Skype calls.


Anonymous said...

Not just the NSA listening in on your Skype calls; the Chinese Government listening in on the Skype calls of its citizens.

The consequences of this backdoor, for those users, could be a good deal more ominous.

Steve Hsu said...

Jacques: good point. It's definitely in the public interest for the existence of this backdoor to be widely communicated.
