More Skype Back Door Speculation
An anonymous reader writes "According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations."
I don't use Skype (or VoIP for that matter) but I would be curious if anyone knows of any alternatives that are completely open.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Has anyone made attempts at decoding the SKYPE protocol? This would take some clever reverse engineering of the code and some clever wire sniffing.
I wonder if it would be possible to inject an encryption layer underneath what their service provides.
On a legal note, in the US, could consumers who purchased SKYPE products sue SKYPE?
Chances are pretty good that if this backdoor exists, it has for a long time.
PGPhone -- encrypt encrypt encrypt. Won't protect you against NSA-level shit, but it will at least get the petty bureaucretins out of the way.
With closed source and closed protocol specifications there is no way to disprove the claim of an existing backdoor, regardless of whether there really exists a backdoor or not. Simple but true, and it is the drawback of wanting to provide security in a closed source environment.
I'm pretty sure it would be trivial to set up a PC to PC voice connection, even with just openssh, assuming the microphone and speaker are both "files".
I'd imagine on both sides the command would look like this:
ssh joe@someplace.net 'cat > /dev/snd/out' < /dev/snd/mic
Obviously I don't know the exact device name, and you might have to use some other program to read in from the mic and such. If the connection is slow/choppy, use speex. You should still even be able to do it from the command line, assuming the speex encoder streams.
The point is, and I'm sure you know this, there are already OSS programs capable of setting up the whole connection, so Skype being buggable just makes it easier to spy on people who aren't as concerned about their privacy and/or deal with people who aren't.
On another note, isn't it possible that the official was only talking about SkypeOut calls? Surely bugging a call over PSTN coming from Skype is no different than any other PSTN call, and they don't need to break Skype to do it.
And, as demonstrated above, there are far more secure ways to do PC2PC than Skype.
The right to protest the State is more sacred than the State.
I think what people are worrying about is not the risk of being individually targeted for lawful interception, but the risk of blanket mass interception of all calls worldwide, using automated keyword matching implemented extremely efficiently on extraordinarily vast numbers (100s millions, money no object, power 20MW+) of dedicated chips, not general purpose CPUs, that fill no more than 4.5 acres of warehousing underground consuming c.5MW surprisingly.
You don't expect me to convince all my contacts to start using their computer to receive calls, do you?
Actually, I think the popularity of Skype suggests exactly that.
I'd like to see some numbers of how many Skype calls are Skype-to-Skype, and how many involve the phone system.