Skype Eavesdropping

Data that travels over the air and how to protect (or decipher) it

Re: Skype Eavesdropping

Post by thetan on Fri Jan 22, 2010 9:02 am

When I was back in Iraq I remember reading in the newspaper about this whole fiasco:
http://www.nytimes.com/2008/10/02/techn ... skype.html
http://www.theregister.co.uk/2009/02/12 ... pe_pwnage/

I've never personally looked into such things with Skype myself.

If the stream is in fact encrypted with 256 bit encryption, you can probably forget about hearing it, unless you allow it to reach the other end, get decrypted, and then try the audio driver approach. The problem there is that you'd ultimately get a bunch of other sounds, music, games, movies as well, but it'd work, at least in theory.

MiTM attacks can be used to snoop and forge keys from a client to a host, effectively becoming the streaming source and just forwarding it to the victim client. However, these attacks are relatively advanced and require a bit of expertise in terms of knowledge with the actual encryption scheme. Much like ettercap catches SSH1 keys to decrypt the stream (and tries to force client and server to use SSH1 via a downgrade attack), theoretically there's not much you can do to prevent this. AloR (one of the devs for ettercap) claims that cracking SSH2 could be just as trivial only he hasn't had the time to implement it (it's been 4+ years AloR wtf m8). The same can be said with just about any encryption scheme that does an over the wire key exchange.
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP

“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein

Re: Skype Eavesdropping

Post by sandsphinx on Fri Jan 22, 2010 9:59 am

To bruteforce a 256 bit encryption would take A LOT of power, time, resources. I'd say around maybe 200 computers parallel bruteforcing the encryption would work, and it would still take some time. My advice is to wait until someone finds the exploit, and tbh, that theory of logging the audio data sounds like it won't work. Skype allows text, I wonder if that would be easier or harder to log?


Re: Skype Eavesdropping

Post by thetan on Fri Jan 22, 2010 11:15 am

sandsphinx, not to sound like a broken record or anything but you don't need to brute force anything if you perform a MiTM attack and grab the keys being exchanged over the wire (this is because you grab everything you would need to decrypt it). As of yet, there's no real way to defeat this key snooping/forging method. The only workaround for this would be having the keys/certificates from each source ahead of time, removing the need to transfer such info across the wire.
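The workaround mentioned in the post above (having the peer's key ahead of time) can be shown as a pinned-fingerprint check; this is an added example, not part of the original thread and not Skype's actual protocol. The toy Diffie-Hellman group and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption): a 127-bit Mersenne prime keeps the demo short.
# Real deployments use standardized groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """SHA-256 fingerprint of a public value, as handed out ahead of time."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def shared_key(priv, peer_pub):
    """Derive a session key from our private value and the peer's public value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def accept_peer_key(received_pub, pinned_fp):
    """Accept a key that arrived over the wire only if it matches the pin."""
    return hmac.compare_digest(fingerprint(received_pub), pinned_fp)

def demo():
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    pin_of_b = fingerprint(b_pub)      # obtained ahead of time, out of band

    # Constructed scenario: an on-path node replaces B's public value with
    # its own before it reaches A.
    m_priv, m_pub = keypair()

    # Without a pin, A derives a key from whatever arrived, and the on-path
    # node can derive the very same key.
    unpinned = shared_key(a_priv, m_pub) == shared_key(m_priv, a_pub)

    return {
        "unpinned_key_known_to_intermediary": unpinned,
        "pin_rejects_substituted_key": not accept_peer_key(m_pub, pin_of_b),
        "pin_accepts_genuine_key": accept_peer_key(b_pub, pin_of_b),
        "honest_keys_match": shared_key(a_priv, b_pub) == shared_key(b_priv, a_pub),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
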


Re: Skype Eavesdropping

Post by insomaniacal on Sat Jan 23, 2010 6:47 am

I'm assuming the encryption keys are only passed once though, and to perform a Mitm attack, you'd have to be connected to their network, and be performing this attack while they are transferring the keys.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com


Re: Skype Eavesdropping

Post by IncandescentLight on Sat Jan 23, 2010 8:19 am

Hmm... Gives me an idea that you can take over one of the router boxes between the two computers, and place your Man in the Middle attack there, but I wonder if it'll work in theory... ;)
Speak softly and carry a big stick -Theodore Roosevelt

http://www.rhetoricalcatch.blogspot.com


Re: Skype Eavesdropping

Post by thetan on Sat Jan 23, 2010 9:55 am

IncandescentLight wrote: Hmm... Gives me an idea that you can take over one of the router boxes between the two computers, and place your Man in the Middle attack there, but I wonder if it'll work in theory... ;)

There is no theory with that, just fact. Which is to say, of course it will work.

ADDED:
insomaniacal wrote: to perform a Mitm attack, you'd have to be connected to their network

Somewhat wrong. You're making the mistake of thinking that ARP poisoning is the only MiTM attack vector. Much more sophisticated attack vectors exist, such as and not limited to route mangling for example. However yeah, at least some sort of Point-to-Point connection must be established, but you never really /have/ to be physically in the LAN or in the network.

insomaniacal wrote: ... and be performing this attack while they are transferring the keys.

Of course. Obviously the attack vector isn't going to do you any good if you miss the keys being transferred.


Re: Skype Eavesdropping

Post by insomaniacal on Sat Jan 23, 2010 11:00 am

thetan wrote: However yeah, at least some sort of Point-to-Point connection must be established


Yea, that's basically what I meant. I haven't really looked at too many Mitm attacks other than ARP poisoning, but ultimately, you have to find a way to manipulate them into sending the data to you first, and then onto their intended destination regardless.


Re: Skype Eavesdropping

Post by thetan on Sat Jan 23, 2010 11:07 am

insomaniacal wrote: ultimately, you have to find a way to manipulate them into sending the data to you first, and then onto their intended destination regardless.

Sending the data to the intended destination is never an issue (host based authentication schemes have been in exile for years now, look into rlogin for example).

The main issue one should concern themselves with is the duplex of the attack vector: full-duplex MiTM would mean all bidirectional data must be routed through a node under your control, while in half-duplex only one direction of the communication stream (either sending or receiving) gets routed through a node under your control.


Re: Skype Eavesdropping

Post by Muskelmann098 on Thu Feb 11, 2010 4:15 pm

Wow lots of interesting ideas.

Just one question though. If Skype encrypts the call as it leaves the program and not when it reaches the Skype server, wouldn't that make a MITM attack useless? Unless of course you can decrypt it.


Re: Skype Eavesdropping

Post by thetan on Thu Feb 11, 2010 5:19 pm

Muskelmann098 wrote: Wow lots of interesting ideas.

Just one question though. If Skype encrypts the call as it leaves the program and not when it reaches the Skype server, wouldn't that make a MITM attack useless? Unless of course you can decrypt it.

In logical computer literate English please?

