Some thoughts on this topic:
The most likely attack vector is that of a trojan intercepting audio transmission from Skype. There are government agencies that do it this way. And don't say that trojans are always lame; read up on some papers, a good root-kit can be an EXTREMELY advanced piece of software. We are not living in the love-letter time anymore; there are root-kits that can transfer your OS into a virtual machine without you even knowing it! Luckily there are not so many ppl capable of writing something like that (...for more info on that topic check out the most seductive root-kit writer in the world, Joanna Rutkowska). However, back to topic: my point was that you should not underestimate the power of modern trojans/root-kits. AFAIK trojans are used by the German intelligence service (and most likely other three-letter agencies use them too) to defeat the Skype encryption.
The other method that was mentioned here is MitM attacks. I don't know anything about the Skype protocol, so I have to rely on available information. MitM attacks are - of course - always a good idea when it comes to circumventing encrypted protocols, as there has to be some kind of key exchange (the only 100% provable MitM-secure way of a key exchange I know of is quantum cryptography). But there are a lot of highly intelligent ways to make them _extremely_ difficult. Some good ideas on the topic of MitM prevention/detection are from Phil Zimmermann, and you can read them up in the zRTP protocol specification. As at least the MitM detection features need user interaction, Skype is most likely lacking those. But the problem I see here is that Skype uses a very complex and obfuscated protocol which is not open. If you read up on http://en.wikipedia.org/wiki/Skype_protocol it may become obvious why even all those fancy government agencies don't use this way ... . Although it could be possible MAYBE: as far as I understood the protocol description, you would need to become a supernode in the Skype network - as far as I can remember, this is also what I read in the analysis that was done by a university some time ago. But as I am not an expert in protocol design and security, my conclusion could be wrong.
The best (read: easiest and efficient) way is to code a nifty little trojan that intercepts the audio stream before it is encrypted! Or maybe you could steal the session keys from memory and decrypt the traffic via those, but this sounds rather inconvenient if you already own the box.
 http://zfoneproject.com/docs/ietf/draft ... tp-17.html
With this world there is no understanding, we belong there only to the extent, as we rebel against it (Theodor W. Adorno) --> if somebody knows an "official" translation for the well-known German quote ... pls let me know!