Skype Eavesdropping

[thetan]

When i was back in iraq i remember reading in the newspaper about this whole fiasco:
http://www.nytimes.com/2008/10/02/techn ... skype.html
http://www.theregister.co.uk/2009/02/12 ... pe_pwnage/

I've never personally looked into such things with skype myself.

If the stream is in fact encrypted with 256 bit encryption, you can probably forget about hearing it, unless you allow it to reach the other end, get decrypted, and then try the audio driver approach. The problem there is that you'd ultimately get bunch of other sounds, music, games, movies as well, but it'd work , at least in theory.

MiTM attacks can be used to snoop and forge keys from a client to a host effectively becoming the streaming source and just forwarding it to the victim client. However, these attacks are relatively advanced and require a bit of expertise in terms of knowledge with the actual encryption scheme. Much like ettercap catches SSH1 keys to decrypt the stream (and trys to force client and server to use SSH1 via a downgrade attack), theoretically theirs not much you can do to prevent this. AloR (one of the devs for ettercap) claims that cracking SSH2 could be just as trivial only he hasn't had the time to implement it (it's been 4+ years AloR wtf m8). The same can be said with just about any encryption scheme that does an over the wire key exchange.

[sandsphinx]

To bruteforce a 256 bit encryption would take ALOT of power, time, resources. I'd say around maybe 200 computers parallel bruteforcing the encryption would work, and it would still take some time. My advice is to wait until someone finds the exploit, and tbh, that theory of logging the audio data sounds like it won't work. Skype allows text, i wonder if that would be easier or harder to log?

[thetan]

sandsphinx, not to sound like a broken record or anything but you don't need to brute force anything if you perform a MiTM attack and grab the keys being exchanged over the wire (this is because you grab everything you would need to decrypt it). As of yet, theirs no real way to defeat this key snooping/forging method. The only work around for this would be having the keys/certificates from each source ahead of time, removing the need to transfer such info across the wire.

[insomaniacal]

I'm assuming the encryption keys are only passed once though, and to perform a Mitm attack, you'd have to be connected to their network, and be performing this attack while they are transferring the keys.

[IncandescentLight]

Hmm... Gives me an idea that you can take over one of the router boxes between the two computers, and placing your Man in the Middle attack there, but I wonder if It'll work in theory...

[thetan]

Hmm... Gives me an idea that you can take over one of the router boxes between the two computers, and placing your Man in the Middle attack there, but I wonder if It'll work in theory...

Their is no theory with that, just fact. Which is to say, of course it will work.

ADDED:

to perform a Mitm attack, you'd have to be connected to their network

Some what wrong. You're making the mistake of thinking that ARP poisoning is the only MiTM attack vector. Much more sophisticated attack vectors exists such as and not limited to route mangling for example. However yeah, at least some sort of Point-to-Point connection must be established, but you never really /have/ to be physically in the LAN or in the network.

, and be performing this attack while they are transferring the keys.

Of course. Obviously the attack vector isn't going to do you any good if you miss the keys being transferred.

[insomaniacal]

However yeah, at least some sort of Point-to-Point connection must be established

Yea, that's basically what I meant. I haven't really looked at too many Mitm attacks other than ARP poisoning, but ultimately, you have to find a way to manipulate them into sending the data to you first, and then onto their intended destination regardless.

[thetan]

ultimately, you have to find a way to manipulate them into sending the data to you first, and then onto their intended destination regardless.

Sending the data to the intended destination is never an issue (host based authentication schemes have been in exile for years now, look into rlogin for example).

The main issue one should concern themselves with is the duplex of the attack vector. In which full-duplex MiTM would mean all bidirectional data must be routed through a node under your control while half-duplex only one direction of the communication stream (either sending or receiving) gets routed through a node under your control.

[Muskelmann098]

Wow lots of interesting ideas.

Just one question though. If Skype encrypts the call as it leaves the program and not when it reaches the Skype server, wouldn't that make a MITM attack useless? Unless of course you can decrypt it.

[thetan]

Wow lots of interesting ideas.

Just one question though. If Skype encrypts the call as it leaves the program and not when it reaches the Skype server, wouldn't that make a MITM attack useless? Unless of course you can decrypt it.

In logical computer literate english please?