Data can be hidden in Skype’s silence

Wojciech Mazurczyk at the Institute of Telecommunications in Warsaw, Poland, has discovered a method to use the silence between words in a Skype conversation. Skype speech is transmitted in 130-bit data packets. But rather than transmitting nothing between words, Skype transmits 70-bit packets that are ignored at the receiving end. Mazurczyk has developed a steganographic method to use these packets, combining both encryption and obfuscation. 

Under normal circumstances, the ‘silent’ packets are simply ignored. The receiver – or any eavesdropper – will hear nothing. But Mazurczyk can hijack the packets and inject encrypted data. “The Skype receiver simply ignores the secret-message data, but it can nevertheless be decoded at the other end, the team has found,” reports the New Scientist. "The secret data is indistinguishable from silence-period traffic, so detection of SkypeHide is very difficult," says Mazurczyk.

Skype was once considered a secure means of communication since it encrypts its content by default. But concerns have grown since the company was acquired by Microsoft. It is known that law enforcement agencies are trying to persuade major companies to include a backdoor that they could use for surveillance. Indeed, the Skype privacy policy explicitly warns that “Skype may disclose personal information to respond to legal requirements, exercise our legal rights or defend against legal claims, to protect Skype’s interests, fight against fraud and to enforce our policies or to protect anyone’s rights, property, or safety.”

VentureBeat also notes that “Microsoft does have a patent application in process called “Legal Intercept” that enables the ability to record ‘any kind of voice-over-Internet-protocol (VoIP) communications’ by re-routing messages over ‘a path that includes a recording agent’.” Legal Intercept would allow communications to be diverted through a recording device, giving law enforcement the opportunity to gain access to the content. 

“VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like,” says the Microsoft patent filing. SkypeHide – which will be presented at an ACM Workshop on Information Hiding and Multimedia Security in Montpellier, France, in June – could provide a method to defeat Legal Intercept type interceptions. But it does suffer from the one great problem of steganography: law enforcement may not be able to decipher the encryption, but its mere existence is an immediate red flag.

What’s hot on Infosecurity Magazine?