How to intercept Skype calls

Powered by SC Magazine
 

Linguists bypass encryption and rebuild conversations base on speech patterns.

Researchers have discovered a trick that allows encrypted VoIP calls like Skype to be deciphered without the need to crack encryption.

The method, dubbed "Phonotactic Reconstruction", exploited the Linear Predictive Filter, a system used by Voice over Internet Protocol platforms to transmit conversations by creating data sets from spoken English.

Data sets were used to rebuild Skype conversations because they resemble the fragments of spoken words, or phonemes, on which they were modelled.

Linguists were helped further because the scripts and file sizes of the data sets, even after encryption, matched phonemes. Rules of spoken language mean that phonemes have a strict placement within words, which helped linguists reconstruct conversations.

While the exploit meant the University of North Carolina linguists did not need to crack encryption –an expensive process of complex mathematics and onerous compute resources – it could produce high-quality reconstructed conversations.

“Our results show that the quality of the recovered transcripts is far better in many cases than one would expect,” the researchers wrote in a paper (pdf).

“While the generalised performance is not as strong as we would have liked … one would hope that such recovery would not be at all possible since VoIP audio is encrypted precisely to prevent such breaches of privacy.”

“It is our belief that with advances in computational linguistics, reconstructions of the type presented will only improve.”

While Linear Predictive Filtering weakens cryptography because encrypted data bears a statistical relationship to the source data, it is used by VoIP systems because it provides the best type of compression.

But while reconstruction is possible, the researchers said Skype cannot be considered safe. “No reconstruction, even a partial one, should be possible; indeed, any cryptographic system that leaked as much information as shown here would immediately be deemed insecure.

Copyright © SC Magazine, Australia


How to intercept Skype calls
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1073

Vote