Why Doesn't Skype Include Stronger Protections Against Eavesdropping?

Skype has long claimed to be "end-to-end encrypted", an architectural category that suggests conversations over the service would be difficult or impossible to eavesdrop upon, even given control of users' Internet connections. But Skype's 2005 independent security review admits a caveat to this protection: "defeat of the security mechanisms at the Skype Central Server" could facilitate a "man-in-the-middle attack" (see section 3.4.1). Essentially, the Skype service plays the role of a certificate authority for its users and, like other certificate authorities, could facilitate eavesdropping by giving out the wrong keys.
https://www.eff.org/deeplinks/2013/07/why-doesnt-skype-include-stronger-protections-against-eavesdropping
This security limitation has concerned us for a long time. Last year, Chris Soghoian argued that, for this reason, "Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users." Soghoian argued that Skype should change its design to eliminate this ability, or else disclose the risk more prominently. One way of limiting man-in-the-middle attacks would be for Skype to introduce a way for users to do their own encryption key verification, without relying on the Skype service. As Soghoian notes, that's what many other encrypted communications tools do—but such a verification option is missing from Skype. (Users may independently verify the authenticity of the keys presented by people they're talking to in encryption systems such as PGP, OTR, HTTPS, and ZRTP.) Back in 2011, we publicly asked Skype to introduce this feature, at least as an optional way for users to check they weren't being spied on. To date, no key verification feature has been introduced.
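To make the key-verification point concrete, here is a small added model (not EFF's or Skype's code) of a central key directory that plays certificate authority, with the out-of-band fingerprint check the post says Skype lacks; the user names and key bytes are constructed stand-ins.

```python
# Added example, not EFF's or Skype's code: a central key directory that hands
# out public keys, plus the out-of-band fingerprint check the article asks for.
# Names and keys are constructed stand-ins, not real key material.
import hashlib

def fingerprint(pubkey: bytes) -> str:
    """Short digest two users can compare over another channel."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

class KeyDirectory:
    """The service's key server: clients ask it for a peer's public key."""
    def __init__(self):
        self._keys = {}
        self._substituted = {}   # models the directory being subverted

    def register(self, user: str, pubkey: bytes) -> None:
        self._keys[user] = pubkey

    def subvert(self, user: str, other_key: bytes) -> None:
        # A compromised or coerced directory answers with a different key.
        self._substituted[user] = other_key

    def lookup(self, user: str) -> bytes:
        return self._substituted.get(user, self._keys[user])

def fetch_peer_key(directory, peer, oob_fingerprint=None):
    """Return (key, status). With no fingerprint the client can only trust
    the directory; with one it detects a substituted key."""
    key = directory.lookup(peer)
    if oob_fingerprint is None:
        return key, "unverified"       # no verification feature: trust server
    if fingerprint(key) == oob_fingerprint:
        return key, "verified"
    return None, "mismatch"            # key is not the one Bob published

def run_scenarios():
    directory = KeyDirectory()
    bob_key = b"constructed-bob-public-key"
    directory.register("bob", bob_key)
    bob_fp = fingerprint(bob_key)      # Bob gives Alice this out of band
    honest = fetch_peer_key(directory, "bob", bob_fp)[1]
    directory.subvert("bob", b"constructed-substituted-key")
    blind = fetch_peer_key(directory, "bob")            # Alice cannot check
    checked = fetch_peer_key(directory, "bob", bob_fp)  # Alice checks
    return {"honest": honest, "blind": blind[1],
            "blind_got_real_key": blind[0] == bob_key, "checked": checked[1]}
```

The "blind" case is the situation the post describes: without a fingerprint to compare, the client accepts whatever key the directory returns and has no way to notice the substitution.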

