Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Defeating Skype Encryption Without a Key

Skype allows customers to communicate over Voice over Internet Protocol (VoIP) platforms. And because it is encrypted, Skype, which was recently purchased by Microsoft for $8.5 Billion, is used by many businesses today for their international phone calls. What researchers have found, however, is a novel way to decrypt those conversations without ever knowing the encryption key.

Skype allows customers to communicate over Voice over Internet Protocol (VoIP) platforms. And because it is encrypted, Skype, which was recently purchased by Microsoft for $8.5 Billion, is used by many businesses today for their international phone calls. What researchers have found, however, is a novel way to decrypt those conversations without ever knowing the encryption key.

Hacking SkypeResearchers Andrew M. White, Austin R. Matthews, Kevin Z. Snow, and Fabian Monrose from the Department of Computer Science and the Department of Linguistics at the University of North Carolina at Chapel Hill used an attack, dubbed “Phonotactic Reconstruction”, in their research paper, amusingly subtitled “Hookt on Fon-iks,” to predict clear text words from encrypted sequences. What they did was segment sequences of the VoIP packets into sub-sequences mapped into candidate words, then, based on rules of grammar, hypothesized these sub-sequences into whole sentences. In other words, they were able to reconstruct the conversation by guessing and predicting the original sounds used within the original Skype conversation.

Because of its faster compression, VoIP systems tend to use what’s called Linear Predictive Coding (LPC) to transmit voice conversations over IP. LPC creates data sets from spoken English on the sender’s end by breaking apart the resonances, hisses, and pops within and between words. The conversation is then synthesized on the receiving end by reversing the process. What the researchers did was simulate that reverse process in a lab. They wrote: “While the generalized performance is not as strong as we would have liked, we believe the results still raise cause for concern: in particular, one would hope that such recovery would not be at all possible since VoIP audio is encrypted precisely to prevent such breaches of privacy.”

This particular attack has its roots in linguistics. The researchers liken it to how infants break up speech into words without hearing actual pauses and word divisions within a sentence. Adults have a lexicon of sounds that make up individual words, but infants do not. Infants must rely on gestures, intonations and other clues to infer the breaks between words within the stream of sounds they hear. That is what this attack does; it attempts to build a lexicon of sounds using LPC to decode the conversation.

Unfortunately, the researchers don’t offer any solutions. They only hope that “this work stimulates discussion within the broader community on ways to design more secure, yet efficient, techniques for preserving the confidentiality of VoIP conversations.”

This holds relevance for device manufacturers. For example, integrated circuits consume varying rates of power. One can map that varying power consumption and begin to map the peaks and valley sequences to digits – ones and zeros. This is called Power Analysis Attacks. And they can be used to decode credit card sequences from a POS terminal or patient information from a medical device. The point is, there is data leaking out in ways we might not have thought possible.

Seeing research from the linguistics department have bearing on encryption is refreshing: It’s the “out of the box” thinking that cybercriminals employ. Often we’re left, after the fact, nodding our heads at the clever means by which someone used something completely unrelated to our field to defeat our security. Perhaps some of the standard computer security conferences should invite or challenge researchers in other disciplines to present. Imagine what we might learn.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.