Researchers have discovered a trick that allows encrypted VoIP calls like Skype to be deciphered without the need to crack encryption.
The method, dubbed "Phonotactic Reconstruction", exploited the Linear Predictive Filter, a system used by Voice over Internet Protocol platforms to transmit conversations by creating data sets from spoken English.
Data sets were used to rebuild Skype conversations because they resemble the fragments of spoken words, or phonemes, on which they were modelled.
Linguists were helped further because the scripts and file sizes of the data sets, even after encryption, matched phonemes. Rules of spoken language mean that phonemes have a strict placement within words, which helped linguists reconstruct conversations.
While the exploit meant the University of North Carolina linguists did not need to crack encryption –an expensive process of complex mathematics and onerous compute resources – it could produce high-quality reconstructed conversations.
“Our results show that the quality of the recovered transcripts is far better in many cases than one would expect,” the researchers wrote in a paper (pdf).
“While the generalised performance is not as strong as we would have liked … one would hope that such recovery would not be at all possible since VoIP audio is encrypted precisely to prevent such breaches of privacy.”
“It is our belief that with advances in computational linguistics, reconstructions of the type presented will only improve.”
While Linear Predictive Filtering weakens cryptography because encrypted data bears a statistical relationship to the source data, it is used by VoIP systems because it provides the best type of compression.
But while reconstruction is possible, the researchers said Skype cannot be considered safe. “No reconstruction, even a partial one, should be possible; indeed, any cryptographic system that leaked as much information as shown here would immediately be deemed insecure.