Skype is compromised

From Organic Design wiki
Mideast Taps Western Tools to Curb Skype Rebellion 
A cottage industry of U.S. and other companies is now designing and selling tools that can be used to block or eavesdrop on Skype conversations. One technique: Using special "spyware," or software that intercepts an audio stream from a computer-thereby hearing what's being said and effectively bypassing Skype's encryption. Egypt's spy service last year tested one product, FinSpy, made by Britain's Gamma International UK Ltd., according to Egyptian government documents and Gamma's local reseller.

Gleaned links

From comments on original story on WSJ

"The threat is primarily against Windows platform. None of the 'eavesdropping' tools are actually breaking Skype's encryption. Rather, the user is duped into installing "malware" which does keystroke logging, reads contents of memory, leaks audio stream, etc."

"the dissidents are using Microsoft Windows, which is easily infected with spyware. The smarter dissidents would be using Macs, but if they are conversing with a Windows user on Skype, they might still have a security problem due to problems at the other end of the conversation."

"Skype software uses a standard AES (Advanced Encrytion Standard) encryption method, where the key is the Skype's user-name and password. So, for a third party to decrypt and listen in a Skype conversation, the third party must somehow steal the Skype's user names and password. However, note that it is an open secret among encryption experts that the AES method has been selected and standardized for public use precisely because it is very hard to break, but not impossible. In other words, cryptologists suspect that there is a "back-door" to break in the AES. It is rumoured that some advanced intelligence agencies have such capabilities."

"All of the methods and products discussed in this article for hacking Skype phone calls involved a virus/spyware for capturing the voice stream before it was encrypted by Skype. It is very much easier to infect a windows machine than Linux or Apple."

"Skype does not use the user name/password for the traffic key - that would be enormously stupid and quite humorous. Instead, it negotiates a session key using well-known techniques that would prevent an eavesdropper from being able to derive that session key. See, for example Diffie-Hellman key negotiation"

Retrieved from "https://organicdesign.nz/wiki/index.php?title=Skype_is_compromised&oldid=102134"