Skype Eavesdropping

Data that travels over the air and how to protect (or decipher) it

Re: Skype Eavesdropping

Post by faazshift on Thu Feb 11, 2010 5:47 pm

Muskelmann098 wrote: Just one question though. If Skype encrypts the call as it leaves the program and not when it reaches the Skype server, wouldn't that make a MITM attack useless? Unless of course you can decrypt it.

Encrypting something at the intermediate server seems rather pointless, so yes, it's client-side. A MITM attack would be fairly useless if you weren't intercepting the authentication. If you become an intermediary between them and the server, and get the necessary keys used in the encryption, then you could decrypt it. If you don't get the keys and the encryption is strong, it would be pretty useless to try a MITM attack.


Re: Skype Eavesdropping

Post by Muskelmann098 on Fri Feb 12, 2010 10:33 am

thetan wrote: In logical computer literate English please?


I'm sorry if I was unclear. What I meant was that if the call is encrypted client side, wouldn't a Man-in-the-Middle attack be useless?

Anyway, Faazshift pretty much answered that for me.


Re: Skype Eavesdropping

Post by thetan on Fri Feb 12, 2010 11:13 am

faazshift wrote: Encrypting something at the intermediate server seems rather pointless, so yes, it's client-side. A MITM attack would be fairly useless if you weren't intercepting the authentication. If you become an intermediary between them and the server, and get the necessary keys used in the encryption, then you could decrypt it. If you don't get the keys and the encryption is strong, it would be pretty useless to try a MITM attack.

Well, I'd somewhat beg to differ. ATM, in the current state of SSL/TLS, if you don't have renegotiation disabled you can force a certificate renegotiation via a MiTM attack and grab/spoof certs as they fly by the wire, resulting in a successful decryption attack in real time requiring minimal horsepower. Also, with a MiTM attack you can (pseudo) force certificate renegotiation by dropping the connection completely, thus forcing the client to reconnect to the server, meaning the certificates must be negotiated again and thus leading back to the single point of failure that can be defeated with MiTM.

Look, this is by no means a new technique and it's something that your ISP already probably does with HTTPS (http + ssl) requests in order to cache them so they can save money on critical infrastructure. Major caching proxy servers have this feature built in (Squid and IIRC apache2's mod_cache as well) and some major *nix distros even ship with "Snake Oil" certificates for this purpose as well.

Muskelmann098 wrote: I'm sorry if I was unclear. What I meant was that if the call is encrypted client side, wouldn't a Man-in-the-Middle attack be useless?

Anyway, Faazshift pretty much answered that for me.

Still doesn't make much sense and is just further evidence you really have no idea what you're talking about.


Re: Skype Eavesdropping

Post by faazshift on Fri Feb 12, 2010 1:37 pm

thetan wrote: Well, I'd somewhat beg to differ.

Yeah. I'm not too intricately familiar with this particular field (as I'm sure you are).


Re: Skype Eavesdropping

Post by nermd on Wed Feb 24, 2010 1:20 pm

Some thoughts on this topic:
The most likely attack vector is that of a trojan intercepting audio transmission from Skype. There are government agencies that do it this way. And don't say that trojans are always lame; read up on some papers, a good root-kit can be an EXTREMELY advanced piece of software. We are not living in the love-letter time anymore; there are root-kits that can transfer your OS into a virtual machine without you even knowing it! Luckily there are not so many people capable of writing something like that (...for more info on that topic check out the most seductive root-kit writer in the world, Joanna Rutkowska :lol: ). However, back to topic: my point was that you should not underestimate the power of modern trojans/root-kits. AFAIK trojans are used by the German intelligence service (and most likely other three-letter agencies use them too) to defeat the Skype encryption.

The other method that was mentioned here is MitM attacks. I don't know anything about the Skype protocol so I have to rely on available information. MitM attacks are - of course - always a good idea when it comes to circumventing encrypted protocols, as there has to be some kind of key exchange (the only 100% provable MitM-secure way of a key exchange I know of is quantum cryptography). But there are a lot of highly intelligent ways to make them _extremely_ difficult. Some good ideas on the topic of MitM prevention/detection are from Phil Zimmermann and you can read them up in the ZRTP protocol specification [1]. As at least the MitM detection features need user interaction, Skype is most likely lacking those. But the problem I see here is that Skype uses a very complex and obfuscated protocol which is not open. If you read up on http://en.wikipedia.org/wiki/Skype_protocol it may become obvious why even all those fancy government agencies don't use this way ... . Although it could be possible, MAYBE; as far as I understood the protocol description you would need to become a supernode in the Skype network - as far as I can remember this is also what I read in the analysis that was done by a university some time ago. But as I am not an expert in protocol design and security my conclusion could be wrong :).

Conclusion:
The best (read: easiest and efficient) way is to code a nifty little trojan that intercepts the audio stream before it is encrypted! Or maybe you could steal the session keys from memory and decrypt the traffic via those, but this sounds rather inconvenient if you already own the box :).

nermd

[1] http://zfoneproject.com/docs/ietf/draft ... tp-17.html
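
The user-interaction MitM detection that the post above attributes to ZRTP rests on both callers comparing a short authentication string (SAS) derived from the negotiated key. The following is an added example, not part of the original thread and not ZRTP's actual derivation: the toy Diffie-Hellman parameters, the 4-character encoding and all function names are assumptions, and ZRTP's hash commitment step is omitted.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters (assumption, for the demo only; not a vetted group).
P = 2**255 - 19
G = 2
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # 32 symbols, 5 bits each

def keypair():
    """Return (private exponent, public value) for one endpoint."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    """Hash the DH result into a 32-byte session secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def sas(secret):
    """Short authentication string: the leftmost 20 bits as 4 characters."""
    bits = int.from_bytes(secret[:3], "big") >> 4
    return "".join(ALPHABET[(bits >> shift) & 31] for shift in (15, 10, 5, 0))

def call(intercepted):
    """Run one key exchange and return the SAS shown to each caller."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # An intermediary swaps in its own public value in both directions.
        _, m_pub = keypair()
        a_receives, b_receives = m_pub, m_pub
    else:
        a_receives, b_receives = b_pub, a_pub
    return sas(shared_secret(a_priv, a_receives)), sas(shared_secret(b_priv, b_receives))

def users_accept(sas_pair):
    """The human step: both callers read their string aloud and compare."""
    return sas_pair[0] == sas_pair[1]

if __name__ == "__main__":
    print("clean call:      ", call(False))
    print("intercepted call:", call(True))
```

On a clean exchange both sides derive the same secret and the strings match; with substituted public values each side holds a different secret, so the spoken strings disagree and the callers know to hang up.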


Re: Skype Eavesdropping

Post by Muskelmann098 on Sat Mar 13, 2010 4:31 am

thetan wrote: Still doesn't make much sense and is just further evidence you really have no idea what you're talking about.


That's true, and I never tried to pass off as an expert either. This whole thread was just an idea I had. If I had any clue how to solve it, I most likely wouldn't have asked ;)

