Slashdot Mirror


Hiding Secret Messages In Skype Silences

Orome1 writes "A group of researchers from the Institute of Telecommunications of the Warsaw University of Technology have devised a way to send and receive messages hidden in the data packets used to represent silences during a Skype call. After learning that Skype transmits voice data in 130-byte packets and the silences in 70-byte packets, the researchers came upon the idea of using the latter to conceal the sending and receiving of additional messages."

20 of 79 comments

  1. Go old school rather than packet level? by Keruo · · Score: 3, Funny

    If you talk long conversation, specific pauses might simply work as morse code.

    --
    There are no atheists when recovering from tape backup.
  2. Eloquent silence by maxwell+demon · · Score: 2

    I wonder why Skype needs 70 bytes to transmit essentially nothing. Maybe they already do use it for secret data transmission, just to their own servers?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    1. Re:Eloquent silence by Anonymous Coward · · Score: 2, Insightful

      UDP overhead is 28 bytes for IPv4. Add in overhead for the audio codec to represent a timeframe for a sound and 70 bytes becomes reasonable.

    2. Re:Eloquent silence by hawguy · · Score: 3, Interesting

      Exactly what I was thinking.

      You would think that a packet specifying X seconds of simulated silence could be packed into a few bits, so maybe two bytes should suffice.

      Clearly there is something else going on, or they would not have designed such a large packet to "represent silence".
      That one can distinguish the silence packets from the voice packets doesn't speak too well of the encryption that Skype has always claimed they use.

      If the Skype client didn't send packets during 'silence', then the client on the receiving end of an extended silent session wouldn't know whether there was silence on the other end or a network problem. That's why the client keeps sending packets even during "silence" rather than just timing silent sections then sending out a packet at the end of the silence saying "It was silent for the past 10 seconds, so that's why you didn't receive any data from me".

    3. Re:Eloquent silence by Minwee · · Score: 5, Insightful

      Exactly what I was thinking.

      You would think that a packet specifying X seconds of simulated silence could be packed into a few bits, so maybe two bytes should suffice.

      Were you planning on sending that "two seconds of silence" packet at the _start_ of the pause? If so I know a few theoretical physicists and at least one state lottery commission who would _love_ to see your algorithm.

    4. Re:Eloquent silence by tlhIngan · · Score: 2

      I wonder why Skype needs 70 bytes to transmit essentially nothing. Maybe they already do use it for secret data transmission, just to their own servers?

      Encryption padding, I'd guess. Use something like AES which only works on 128/192/256 bit blocks (depending on key size) (16/24/32 bytes) and if you have a short packet of silence, it has to be padded in order to be encrypted. I'm guessing there might be a header and other stuff that pushes it to 70 bytes.

    5. Re:Eloquent silence by Anonymous Coward · · Score: 2, Insightful

      Btw, silence is a sound for computers which is represented by a flat line or basically the value of 0. Not getting packets and getting a value of 0 are different things, whereas the former can be due to packet loss and a broken connection while the latter is an actual value.

    6. Re:Eloquent silence by Anonymous Coward · · Score: 2, Informative

      +1

      Skype is far from the first VoIP protocol to do this.

      http://en.wikipedia.org/wiki/Voice_activity_detection
      http://en.wikipedia.org/wiki/Comfort_noise

    7. Re:Eloquent silence by maxwell+demon · · Score: 2

      It is obvious that Skype uses voice activity detection, or else the silence packets would be as large as the voice package. The whole point is why they are still quite large (large enough to send a substantial amount of data).

      The second link is totally irrelevant because it doesn't concern the sender, but the receiver. The noise the receiver generates certainly does not depend on the size of the silence packages the sender sends.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    8. Re:Eloquent silence by ottothecow · · Score: 2

      Maybe they found they were having trouble with traffic shaping/QOS type systems.

      Have to keep something decently sized flowing through the connection or it gets de-prioritized and then when real content starts flowing again, it lags? I don't know if this is true, but it sounds like a reasonable explanation considering how skype's design is so heavily focused on being able to punch through hostile networking environments and maintain a workable stream.

      --
      Bottles.
  3. There goes that idea by Jeng · · Score: 4, Insightful

    If you are going to hide something, don't let everyone know where you put it.

    Now that the exploit has been discussed it will be watched out for.

    --
    Don't know something? Look it up. Still don't know? Then ask.
    1. Re:There goes that idea by Anonymous Coward · · Score: 2, Informative

      It's not an exploit.

  4. Move Along by Anonymous Coward · · Score: 5, Funny

    Nothing to see hear.

  5. Re:paranoid mode engaged ! by hawguy · · Score: 2

    So skype has 1kilobit/sec spare capacity when transmitting silence? How much data does it actually send then? Just for silence?
    This protocol is either very inefficient, or there is a reason for this 'waste' of bandwidth. So what does skype use it for?

    From TFA, it's 70 bytes per packet (560 bits, excluding packet overhead), so less than 2 packets/second gives 1kbit/second of data. That doesn't seem all that inefficient.

  6. Re:Waste of time by hawguy · · Score: 2

    There are a million ways to communicate in secret, and this ranks among the stupidest.

    Which ways are less stupid than hiding your packets in a stream that's believed to be innocuous and even if the voice packets are monitored, your hidden data would presumably remain hidden?

  7. Whitespace! by Vlad_the_Inhaler · · Score: 4, Funny

    C may currently have overtaken Java as the most popular language but Whitespace is going to overtake them all!

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  8. Re:Bitwise by vlm · · Score: 2

    Each side has a very smart bridge.

    If bridge A sees an incoming 130 byte packet from the LAN side that's obviously skype, pass it.
    If bridge A sees an incoming 70 byte packet from the LAN side that's obviously skype, add a 60 byte encrypted / hashed / whateverd back channel of data.

    If bridge B sees an incoming 130 byte packet from the LAN side that's obviously skype, ram it thru the decrypt / dehash / whateverd thing and see if the last 60 bytes decode to a valid back channel data packet. To a crude first approximation your bit error rate will approximate your magic number or header or whatever length, so requiring the decrypted packet data to begin with 0x1234 means you'll only false positive about once in 2**32 decodes, probably good enough for text, maybe not so good for DVD iso transfer.

    This simple idea is pretty simple to traffic analyze. Are the conversation patterns more like speech or embedded text? A slightly intelligent algo on the TX side could fix that (perhaps only the first silence packet after normal speech gets special data, or it only sends special data in a vaguely normal conversational (very) random pattern). You can come up with traffic analysis systems all day.. my rev-2 design could be caught by displaying a histogram of how long each stretch of silence is, how odd that this convo 1 packet long silences match the typical graph for 2 packet long silences instead of typical 1 packet long...

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
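As an added example (not code from the thread or from any Skype tooling), the histogram check vlm describes at the end of the comment above: collect the lengths of consecutive-silence-packet runs in a call, compare their distribution against a baseline call, and flag a large shift, such as one-packet pauses that have all become two-packet pauses. The 130/70 byte packet sizes come from the article; the two packet streams and the threshold are constructed for illustration.

```python
from collections import Counter

VOICE_PKT = 130    # Skype voice packet size (from the article)
SILENCE_PKT = 70   # Skype silence packet size (from the article)


def silence_runs(sizes):
    """Lengths of each run of consecutive silence packets in a packet-size sequence."""
    runs, current = [], 0
    for size in sizes:
        if size == SILENCE_PKT:
            current += 1
        elif current:
            runs.append(current)
            current = 0
    if current:
        runs.append(current)
    return runs


def run_histogram(sizes):
    """Relative frequency of each silence-run length (the histogram vlm suggests)."""
    runs = silence_runs(sizes)
    return {k: v / len(runs) for k, v in Counter(runs).items()} if runs else {}


def histogram_distance(h1, h2):
    """Total variation distance between two run-length distributions (0 = identical, 1 = disjoint)."""
    return 0.5 * sum(abs(h1.get(k, 0.0) - h2.get(k, 0.0)) for k in set(h1) | set(h2))


def covert_channel_suspected(baseline_sizes, observed_sizes, threshold=0.3):
    """Flag a call whose pause-length profile has drifted far from the baseline call."""
    return histogram_distance(run_histogram(baseline_sizes), run_histogram(observed_sizes)) > threshold


def build_stream(runs, talk=3):
    """Constructed packet stream: `talk` voice packets, then each silence run in turn."""
    sizes = []
    for run in runs:
        sizes += [VOICE_PKT] * talk + [SILENCE_PKT] * run
    return sizes


# Constructed sample calls: natural pauses vs. a sender that pads every 1-packet pause to 2.
BASELINE_CALL = build_stream([1, 2, 1, 3, 2, 1, 4, 1, 2, 1])
PADDED_CALL = build_stream([2, 2, 2, 3, 2, 2, 4, 2, 2, 2])

if __name__ == "__main__":
    print("suspected:", covert_channel_suspected(BASELINE_CALL, PADDED_CALL))
```

The distance here is 0.5, so the padded call is flagged; a baseline built from many real calls and a threshold tuned against them would replace the constructed values.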
  9. skype update in by dutchwhizzman · · Score: 2

    3

    2

    1

    Because MicroSoft will have none of this, obviously.

    --
    I was promised a flying car. Where is my flying car?
  10. The quiet ones ... by PPH · · Score: 2

    ... have the loudest minds.

    --
    Have gnu, will travel.
  11. Side channel communications is not news. by Frobnicator · · Score: 2

    Side channel attacks are old-school but any security researcher worth their title knows about them.

    This was a popular attack in the '60s and '70s for governments.

    Decades ago CS programs taught about how spies once leaked data from secret-privileged machines by emitting communications through CPU load, or through disk usage, or through various other timing attacks.

    --
    //TODO: Think of witty sig statement