Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Defeating Skype Encryption Without a Key

Skype allows customers to communicate over Voice over Internet Protocol (VoIP) platforms. And because it is encrypted, Skype, which was recently purchased by Microsoft for $8.5 Billion, is used by many businesses today for their international phone calls. What researchers have found, however, is a novel way to decrypt those conversations without ever knowing the encryption key.

Skype allows customers to communicate over Voice over Internet Protocol (VoIP) platforms. And because it is encrypted, Skype, which was recently purchased by Microsoft for $8.5 Billion, is used by many businesses today for their international phone calls. What researchers have found, however, is a novel way to decrypt those conversations without ever knowing the encryption key.

Hacking SkypeResearchers Andrew M. White, Austin R. Matthews, Kevin Z. Snow, and Fabian Monrose from the Department of Computer Science and the Department of Linguistics at the University of North Carolina at Chapel Hill used an attack, dubbed “Phonotactic Reconstruction”, in their research paper, amusingly subtitled “Hookt on Fon-iks,” to predict clear text words from encrypted sequences. What they did was segment sequences of the VoIP packets into sub-sequences mapped into candidate words, then, based on rules of grammar, hypothesized these sub-sequences into whole sentences. In other words, they were able to reconstruct the conversation by guessing and predicting the original sounds used within the original Skype conversation.

Because of its faster compression, VoIP systems tend to use what’s called Linear Predictive Coding (LPC) to transmit voice conversations over IP. LPC creates data sets from spoken English on the sender’s end by breaking apart the resonances, hisses, and pops within and between words. The conversation is then synthesized on the receiving end by reversing the process. What the researchers did was simulate that reverse process in a lab. They wrote: “While the generalized performance is not as strong as we would have liked, we believe the results still raise cause for concern: in particular, one would hope that such recovery would not be at all possible since VoIP audio is encrypted precisely to prevent such breaches of privacy.”

This particular attack has its roots in linguistics. The researchers liken it to how infants break up speech into words without hearing actual pauses and word divisions within a sentence. Adults have a lexicon of sounds that make up individual words, but infants do not. Infants must rely on gestures, intonations and other clues to infer the breaks between words within the stream of sounds they hear. That is what this attack does; it attempts to build a lexicon of sounds using LPC to decode the conversation.

Unfortunately, the researchers don’t offer any solutions. They only hope that “this work stimulates discussion within the broader community on ways to design more secure, yet efficient, techniques for preserving the confidentiality of VoIP conversations.”

This holds relevance for device manufacturers. For example, integrated circuits consume varying rates of power. One can map that varying power consumption and begin to map the peaks and valley sequences to digits – ones and zeros. This is called Power Analysis Attacks. And they can be used to decode credit card sequences from a POS terminal or patient information from a medical device. The point is, there is data leaking out in ways we might not have thought possible.

Seeing research from the linguistics department have bearing on encryption is refreshing: It’s the “out of the box” thinking that cybercriminals employ. Often we’re left, after the fact, nodding our heads at the clever means by which someone used something completely unrelated to our field to defeat our security. Perhaps some of the standard computer security conferences should invite or challenge researchers in other disciplines to present. Imagine what we might learn.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.