How to intercept Skype calls

Powered by SC Magazine
 

Linguists bypass encryption and rebuild conversations base on speech patterns.

Researchers have discovered a trick that allows encrypted VoIP calls like Skype to be deciphered without the need to crack encryption.

The method, dubbed "Phonotactic Reconstruction", exploited the Linear Predictive Filter, a system used by Voice over Internet Protocol platforms to transmit conversations by creating data sets from spoken English.

Data sets were used to rebuild Skype conversations because they resemble the fragments of spoken words, or phonemes, on which they were modelled.

Linguists were helped further because the scripts and file sizes of the data sets, even after encryption, matched phonemes. Rules of spoken language mean that phonemes have a strict placement within words, which helped linguists reconstruct conversations.

While the exploit meant the University of North Carolina linguists did not need to crack encryption –an expensive process of complex mathematics and onerous compute resources – it could produce high-quality reconstructed conversations.

“Our results show that the quality of the recovered transcripts is far better in many cases than one would expect,” the researchers wrote in a paper (pdf).

“While the generalised performance is not as strong as we would have liked … one would hope that such recovery would not be at all possible since VoIP audio is encrypted precisely to prevent such breaches of privacy.”

“It is our belief that with advances in computational linguistics, reconstructions of the type presented will only improve.”

While Linear Predictive Filtering weakens cryptography because encrypted data bears a statistical relationship to the source data, it is used by VoIP systems because it provides the best type of compression.

But while reconstruction is possible, the researchers said Skype cannot be considered safe. “No reconstruction, even a partial one, should be possible; indeed, any cryptographic system that leaked as much information as shown here would immediately be deemed insecure.

Copyright © SC Magazine, Australia


How to intercept Skype calls
 
 
 
Top Stories
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  4%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1051

Vote