Skype is great, but should you bet your freedom on its security?
"Answer hazy, try again later"
Published 13:54, 25 March 11
I should start with disclosure: on March 15th Privacy International (PI) posted a press release calling upon Skype to respond to what they call mounting security concerns regarding Skype's core product.
I saw a draft of this press release because I know the person who wrote it - Eric King at PI - and I passed some (mostly grammar-related) feedback upon it, but I was in no position to - nor did I - substantially amend it.
Regarding the content of the press release:
- I believe that not all of the issues that PI cites are broadly exploitable, and...
- I believe that PI also missed a selection of greater, more pointed, more technical criticisms, but...
- Overall my impression was that the press release might be a good way to start discussion.
The security of Skype is such a contentious issue in IT that the topic merits its own Wikipedia page - but being Wikipedia, and especially in this case, the cited "facts" should be taken with a very large grain of salt, because the secrecy which Skype (the company) wraps around the internal mechanisms of Skype (the product) feeds an enormous rumour-mill.
For instance: In 2008 the Bavarian state police were caught trying to develop official malware which they could install onto someone's machine, and which would provide Skype voice-call interception. It's a well documented tale and is clearly
Similar rumours fly out of Austria because of reporting that it is not a problem for [the Austrian government] to listen in on Skype conversations. I'm sorry, but if any government is capable of breaking Skype's encryption, were it to be the Austrians then everyone would be doing it by now. My suspicion is that any claim of Austrian ability to intercept Skype traffic is down to bravado, malware, and the obvious ability to intercept Skype calls at any point where they turn into Plain Old Telephone System (POTS) calls, e.g. a Skype call placed to a landline.
But the big Skype security story is China; there the software is distributed by a partner as TOM-Skype, along with extra bundled software which (since 2006) has censored IM messages containing certain keywords and (in 2008) was found to be centrally logging the censored messages and call records, presumably for later analysis.
With all this historical background the Privacy International press release garnered press attention. Then Sophos waded into the fray on the Risky Business podcast #187 where RB host Patrick Gray interviews Paul Ducklin, Sophos' Head of Technology for Asia Pacific.
In the segment Gray and Ducklin attack the technical content of PI's press release, the gaps in its content, and its tone, the latter in strong terms:
"the thing that set my 'oh dear' detector off" ... "your bullshitometer?" ... "demagoguery I have not heard since the days of student union" ... "it just seems that they've just looked around for a drum that they can bang on" ... "I think it's worse than 'a bucket of #fail'"
Whilst I feel that he was over-analysing the tone and the technical capability of the press release, Ducklin does make a good fist of the gaps which PI either missed or glossed over; the issues which PI explicitly raised are:
- The user interface does not display a "real skype username" in the contact list
- Skype's software downloads are not delivered over an HTTPS / SSL connection
- Skype uses a technique of Variable Bit Rate (VBR) audio-compression, architectural features of which may provide a route towards "listening in" to voice calls
...however Ducklin observes that "if those are the urgent [security concerns], the rest must be pretty ordinary", and Gray refers to the "over-the-top urgency" of the press release. I could only partly agree - for me these issues are simply opening shots, roughly stated; so I tweeted Ducklin and Sophos' Chet Wisniewski, further requesting a public quote. I followed through with an e-mail, asking:
I would be interested to understand more about what leads you and Paul to make such a spirited defence of Skype for use by dissidents, or indeed anyone else?
...and for sheer naughtiness I included an illustration of how my name appeared to friends on Skype at that moment:
Chet's response follows, at length:
---- snip ----
To some degree the spirit in which we spoke may have been slightly misleading. I can't speak for Paul, but I think he and I are generally on the same page.
The 3 points raised in PI's press release don't seem to be nearly as damning as the tone of the letter. Would I specifically recommend Skype to a dissident concerned with their safety? Perhaps not. But not for the reasons given by Privacy International.
1. There are several opportunities for the compromise of a Skype connection considering the technology in use. If your NAT does not allow a direct incoming connection at either end, then your connection is proxied through the Skype servers. A "man-in-the-middle" attack against a connection like this would seem to be easy for Skype to accomplish if they were directed to do so by law enforcement.
I would say the first step in having a secure Skype connection would be to avoid use of these Skype proxies, and to be sure you can have a "0 hop" conversation.
The second method with which Skype could "cooperate" with authorities would require them to have a backdoor in their encryption protocol. In this case the "authorities" would need to intercept your entire conversation and then gain access to the magic decryption keys. Considering that Skype uses a proprietary encryption algorithm it is difficult to know whether this is possible.
While the VBR question and research is interesting, it leaves out too much detail [Ed: and the research is too old?] to be useful. I think that regardless of the accuracy, you are still reading tea leaves. I won't go so far as to say it is impossible, but the likelihood of it being useful in a meaningful way is quite low. If you are a dissident and you have a more secure way to communicate, then you are way ahead of the game and should avoid VoIP technology.
2. As we saw today [Ed: see also this posting] SSL is based upon transitive trust and is not useful for identification. The use of SSL downloads is a total red herring as the Hong Kong Post Office can create any SSL certificate they like. Your comments about [Ed: how desirable it would be for Skype to publish their software's SHA256 or GPG] hashes are much more valuable, but the communication of valid hashes can only be relied upon out-of-band. If I can alter your communications with a download/webpage then I can alter the page that publishes the hash.
3. Skype is closed source, so place your trust where you wish. I do not believe that Paul and I suggested that Skype is an ideal solution for those people who need to securely communicate and believe that their local authorities may wish to intercept that communication. I do believe however that the PI story is overplaying the public's fears about weaknesses in Skype that are present in nearly every technology that we use.
Should we do a better job? Of course. Is there an easy answer? No. If the purpose is to perform a hardcore security analysis there is a lot more work to do. Were I to compare the security of Skype to my alternatives, assuming that I were not a security professional, I believe it would be difficult to find an easier to use solution for a non-technical expert to use that provided more security.
On the subject of dissidents and the fact that anyone can appear as anyone else, I personally would create a new Skype account each time I used it. I would be sure to be on a unique IP address from previous uses and would contact the other end via an agreed upon email address change that would occur each time. This dramatically complicates the efforts of the interloper.
Thanks for your questions. I think we all agree about the importance of the cause and we certainly don't want to put folks at risk. I simply feel that the risks present at this time compared to the alternatives are exaggerated.
---- snip ----
...and so the public debate continues.
I largely agree with Chet's analysis although he too misses a few tricks (like: GPG signatures can be signed by a private key; but then from whence comes the certificate to check it?) - but we are both making guesses regarding the cryptography that Skype uses to protect both voice and IM communication.
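To make Chet's point 2 concrete (and the key-provenance question just raised), here is an added illustration that is not part of the original post or of any Sophos, PI or Skype code. It models a download page that carries both an installer and its published SHA256 hash, and a network attacker who can rewrite that page. The installer bytes, the "attacker", and the trusted hash are all constructed stand-ins; the check itself is an ordinary SHA256 comparison from the Python standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-ins: a few bytes playing the role of an installer,
# and the same bytes with something appended by an attacker on the path.
GENUINE_INSTALLER = b"SkypeSetup.exe (constructed stand-in for installer bytes)"
TAMPERED_INSTALLER = GENUINE_INSTALLER + b"\n<constructed modification by a network attacker>"


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class DownloadPage:
    """What a user fetches from the vendor: the installer plus the hash shown beside it."""
    installer: bytes
    published_hash: str


def vendor_page() -> DownloadPage:
    """The genuine page as the vendor serves it."""
    return DownloadPage(GENUINE_INSTALLER, sha256_hex(GENUINE_INSTALLER))


def attacker_rewrites(page: DownloadPage) -> DownloadPage:
    """An attacker who controls the download channel (Chet's 'if I can alter your
    communications') swaps the installer AND recomputes the hash on the same page,
    so the two still agree."""
    return DownloadPage(TAMPERED_INSTALLER, sha256_hex(TAMPERED_INSTALLER))


# A hash obtained through a channel the attacker does not control: printed in a
# magazine, read out over the phone, pinned from an earlier clean download, etc.
# Constructed here by hashing the genuine bytes in advance.
TRUSTED_HASH_OUT_OF_BAND = sha256_hex(GENUINE_INSTALLER)


def verify_in_band(page: DownloadPage) -> bool:
    """Check the download against the hash published on the very same page."""
    return hmac.compare_digest(sha256_hex(page.installer), page.published_hash)


def verify_out_of_band(page: DownloadPage, trusted_hash: str) -> bool:
    """Check the download against a hash obtained out-of-band."""
    return hmac.compare_digest(sha256_hex(page.installer), trusted_hash)


def compare_checks(page: DownloadPage) -> dict:
    """Run both checks on a page and report what each one concludes."""
    return {
        "in_band_passes": verify_in_band(page),
        "out_of_band_passes": verify_out_of_band(page, TRUSTED_HASH_OUT_OF_BAND),
    }


if __name__ == "__main__":
    # Genuine page: both checks pass.
    print("genuine :", compare_checks(vendor_page()))
    # Rewritten page: the in-band check still passes, only the out-of-band one fails.
    print("tampered:", compare_checks(attacker_rewrites(vendor_page())))
```

The in-band check passes on the tampered page because the attacker who can change the installer can change the hash next to it; only the hash that arrived by a separate route catches the swap. A GPG signature moves the same problem one step along rather than removing it: the signature can be verified offline, but the public key used to verify it has to reach the user by some route the attacker cannot rewrite, which is exactly the "from whence comes the certificate" question.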
Perhaps that should be the most significant concern for Skype users: Chet, Paul, Patrick and myself - we're all supposed to be "experts" on security, yet none of us have an objective, clear, complete, and shared understanding of how secure Skype really is.
 desktop audio is available via a player on Sophos' Naked Security website; starts at 19m30, Skype-related at 26m35