Saturday, October 25, 2014
There have been a lot of interest recently in the security of Skype and whether calls made on the service can be intercepted. There are a few things about the security implemented by Skype that are known and a lot of things that are unknown.
People from Skype have repeatedly stressed that calls are encrypted end-to-end. The problem is not whether the calls are encrypted. The problem is how the keys are managed. While Skype has been very vocal about the encryption part, they have been very silent about how the keys are managed.
The analogy is simple. If you lock your house door and leave the keys under the door mat, is the house secure? Yes, you have locked the door, the lock may be unbreakable, but anyone who is half smart can get the key and get in. That is the crux of the problem here. Skype has not explicitly told us where and how the keys are stored and who has access to them.
Based on the fact that moving to a new device, logging in to an existing Skype account and initiating a call to a friend does not ask the friend to verify the encryption key, it is possible that the encryption keys are actually stored along with the account information on Skype servers. The keys may just be downloaded to the new device and used again. That could mean that government agencies can also get those keys and could eavesdrop on those calls.
Another possibility is that new keys are generated for each new device, the public key on the device is signed digitally by Skype. This means that Skype could sign someone else’s keys (say, a government organization) on your behalf. This could lead to that person (or entity) successfully impersonating you, leading to man-in-the-middle attacks.
While hacker may still have to depend on malware on the client machines to intercept Skype calls, it might be very easy for law enforcement (or other government) agencies to intercept them.
The issue here is that until Skype comes out with details on how it implements security and manages keys, you have to assume that the service is insecure for all communications that require confidentiality. It should be noted that this should not matter to most users. But it does impact privacy. Some people may just not want their conversations to be public, even though they are not doing anything nefarious.
For a more thorough read on how the cryptography works (or could work), you should read Christopher Soghoian’s blog post on this subject.