Security Experts:

Researchers Encode Hidden Messages in Skype Calls

University researchers developed a way to encode hidden messages using the silent portions of a Skype call.

Since Skype transmits voice data using 130-byte packets and silences in 70-byte packets, researchers at the Institute of Telecommunications of the Warsaw University of Technology were able to hide a message using structured sequences of silent packets, according to a report in the New Scientist. Wojciech Mazurczyk, Krysztof Szczypiorsk, and Maciej Karaœ built the SkypeHide (also known as SkyDe) application to demonstrate their technique. The application on the sending computer encodes a message in the silent packets in the call's data stream.

The application on the receiving computer reads the smaller data packets to extract the message. Hidden messages can contain text, audio or video content, so long as the total message does not exceed the maximum transmission rate of 1kbps.

Mazurczyk and Szczypiorski built on their earlier research in steganography using VoIP streams to build SkypeHide. They had previously developed techniques to use empty fields in the RTCP (Real-Time Control Protocol) and RTP (Real-Time Transport Protocol) VoIP protocols to transmit hidden messages. 
The “packet hijack” is hard to detect, as the packets containing the hidden message would be indistinguishable from the normal packets transmitting silence, according to the New Scientist report.

Skype relies on peer-to-peer connections to make calls, making it difficult for malicious parties to intercept or eavesdrop on Skype calls. However, law enforcement has complained this makes it difficult for them to listen in on suspects and other persons of interest using the service to plan or discuss their activities. While Skype has not discussed how its technology works, there have been hints the company could hand over Skype call log data as part of a legal proceeding.

Microsoft, which now owns Skype, has denied rewriting the tool to include a backdoor to allow eavesdropping.

SkypeHide will be presented in June at the First ACM Information Hiding and Multimedia Security Workshop at the University of Montpellier.

Related Reading: Defeating Skype Encryption Without a Key

Fahmida Y. Rashid is a contributing writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.