Communications Security

More Skype Back Door Speculation 210

An anonymous reader writes "According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations."
This discussion has been archived. No new comments can be posted.

  • by vertinox ( 846076 ) on Saturday July 26, 2008 @11:14AM (#24348273)

    I don't use Skype (or VoIP for that matter) but I would be curious if anyone knows of any alternatives that are completely open.

  • Decode the protocol? (Score:2, Interesting)

    by forrie ( 695122 ) on Saturday July 26, 2008 @11:20AM (#24348307)

    Has anyone made attempts at decoding the SKYPE protocol? This would take some clever reverse engineering of the code and some clever wire sniffing.

    I wonder if it would be possible to inject an encryption layer underneath what their service provides.

    On a legal note, in the US, could consumers who purchased SKYPE products sue SKYPE?

    Chances are pretty good that if this backdoor exists, it has for a long time.

  • Encrypt (Score:1, Interesting)

    by Anonymous Coward on Saturday July 26, 2008 @11:31AM (#24348411)

    PGPhone -- encrypt encrypt encrypt. Won't protect you against NSA-level shit, but it will at least get the petty bureaucretins out of the way.

  • by mrogers ( 85392 ) on Saturday July 26, 2008 @11:39AM (#24348467)
    The code is heavily [recon.cx] obfuscated [recon.cx] to prevent reverse engineering (encrypted code, checksums, debugger detection, all kinds of fun).
  • by fluch ( 126140 ) on Saturday July 26, 2008 @11:42AM (#24348481)

    With closed source and closed protocol specifications there is no way to disprove the claim of an existing backdoor, regardless of whether there really exists a backdoor or not. Simple but true and it is the drawback of wanting to provide security in a closed source environment.

  • by stinerman ( 812158 ) on Saturday July 26, 2008 @12:25PM (#24348797)

    Granted, but Gizmo5 is only a software program that interfaces with the SIP-based network. You can use (and I have used) Ekiga as the software front-end that works with an account.

    The only downside is that there isn't any encryption, so it'd be pretty trivial to bug.

  • by andymadigan ( 792996 ) <amadigan@nOSpaM.gmail.com> on Saturday July 26, 2008 @12:46PM (#24348949)
    I'm pretty sure it would be trivial to set up a PC to PC voice connection, even with just openssh, assuming the microphone and speaker are both "files".

    I'd imagine on both sides the command would look like this:

    ssh joe@someplace.net 'cat > /dev/snd/out' < /dev/snd/mic

    Obviously I don't know the exact device name, and you might have to use some other program to read in from the mic and such. If the connection is slow/choppy, use speex. You should still even be able to do it from the command line, assuming the speex encoder streams.

    The point is, and I'm sure you know this, there are already OSS programs capable of setting up the whole connection, so skype being buggable just makes it easier to spy on people who aren't as concerned about their privacy and/or deal with people who aren't.

    On another note, isn't it possible that the official was only talking about skypeOut calls? Surely bugging a call over PSTN coming from skype is no different than any other PSTN call, and they don't need to break skype to do it.

    And, as demonstrated above, there are far more secure ways to do PC2PC than skype.
  • That's not the point (Score:2, Interesting)

    by Anonymous Coward on Saturday July 26, 2008 @01:08PM (#24349081)

    I think what people are worrying about is not the risk of being individually targeted for lawful interception, but the risk of blanket mass interception of all calls worldwide, using automated keyword matching implemented extremely efficiently on extraordinarily vast numbers (100s millions, money no object, power 20MW+) of dedicated chips, not general purpose CPUs, that fill no more than 4.5 acres of warehousing underground consuming c.5MW surprisingly.

  • by NormalVisual ( 565491 ) on Saturday July 26, 2008 @01:29PM (#24349251)
    The thing is, I'd imagine any agency that can get a warrant to use the backdoor in Skype can also get a warrant to examine your net connection for voice traffic. VoIP implemented over SIP/RTP is quite easy to listen in on if you have access to the entire bit stream since practically nobody encrypts the RTP stream.
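
Added example, not part of any comment in this thread: a defender-side check for the point made above about unencrypted RTP. It reads the SDP body of a SIP offer and reports, per media section, whether the transport profile is plain RTP (`RTP/AVP`) or an SRTP profile with keying declared (`a=crypto` or `a=fingerprint`). The function name, verdict labels and sample SDP are assumptions made for illustration.

```python
# Added example: classify each SDP media section by whether it negotiates SRTP.
# SAMPLE_SDP is constructed for illustration (documentation addresses, fake key).
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

SAMPLE_SDP = """\
v=0
o=alice 2890844526 2890844526 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
m=audio 49172 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_NOT_A_KEY
m=video 49174 RTP/SAVP 96
a=rtpmap:96 H264/90000
"""


def audit_sdp(sdp):
    """Return one dict per m= section with media, port, proto, keyed, verdict."""
    sections, current, session_keyed = [], None, False
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            # Pad so a truncated m= line yields an empty proto (judged cleartext).
            media, port, proto = (line[2:].split() + ["", "", ""])[:3]
            current = {"media": media, "port": port,
                       "proto": proto.upper(), "keyed": False}
            sections.append(current)
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            if current is not None:
                current["keyed"] = True
            elif line.startswith("a=fingerprint:"):
                session_keyed = True  # session-level DTLS fingerprint covers all media
    for s in sections:
        s["keyed"] = s["keyed"] or session_keyed
        if s["proto"] not in SECURE_PROFILES:
            s["verdict"] = "cleartext"  # plain RTP, even if a key attribute is present
        elif not s["keyed"]:
            s["verdict"] = "secure-profile-no-key"
        else:
            s["verdict"] = "encrypted"
    return sections


if __name__ == "__main__":
    for s in audit_sdp(SAMPLE_SDP):
        print(s["media"], s["port"], s["proto"], s["verdict"])
```

The SDP only states what the endpoints offered; confirming that the media on the wire is actually SRTP still requires looking at the RTP packets themselves.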
  • by Anonymous Coward on Saturday July 26, 2008 @01:31PM (#24349275)

    You don't expect me to convince all my contacts to start using their computer to receive calls, do you?

    Actually, I think the popularity of skype suggests exactly that.

    I'd like to see some numbers of how many skype calls are skype-to-skype, and how many involve the phone system.

  • by davester666 ( 731373 ) on Saturday July 26, 2008 @02:42PM (#24349773) Journal

    Oh, for the good old days, when you actually needed a warrant.

    Now they just get your packets to route across a border, and then can listen in at will [if you're not in the US].

    If you do happen to live in the US, they just declare [as in, speak into the air] "This person is obviously a terrorist, an enemy combatant not in an official uniform, therefore, I can listen to all their phone calls.". Then the phone and/or VOIP company is required to permit the wiretap. This used to require a photocopied letter, but those were just too much of a hassle to carry around...
