Is Skype Safe?
February 18, 2011
This question is interesting for two reasons. First, practically speaking, Skype is probably the most popular VoIP application in the world. As someone who occasionally uses Skype on public wifi networks, I want to know how likely it is that anyone in the vicinity was listening in on my conversation. Second, Skype serves as an archetype of the proprietary network protocol, and a test case for how much we should trust the claims of software vendors.
“Safe” is a vague term, and there are a number of distinct concerns one might have about the safety of Skype (or anything else). Does running Skype put my computer at risk of compromise? Are my Skype conversations safe from the eyes of the guy sitting next to me at the coffee shop? What about other Skype users? What about Skype or the NSA? For the purposes of this discussion, I am primarily interested in the question of privacy, not the question of vulnerabilities that lead to compromise.
(I dismiss the first question out of hand, perhaps, but a cursory look at the history of publicly disclosed vulnerabilities in Skype shows it to be not very noteworthy. All software poses risks, but Skype does so no more than, say, Firefox.)
What do we know about Skype?
Not very much, as it turns out. Skype has disclosed only limited information on the Skype protocol, notably in an independent security evaluation conducted against Skype 1.3 (now ancient code) in 2005. At the same time, Skype has been busily obfuscating its Windows application using sophisticated techniques rarely seen in desktop software; the binary was nonetheless partially reverse engineered by a pair of French researchers, Biondi and Desclaux, who presented their findings at the BlackHat Europe conference in 2006. Much of what we know about the actual implementation of Skype relies upon that work.
Perhaps even larger questions abound about Skype’s corporate policies with respect to government intercepts (“wiretaps”). The FBI has long lobbied for the extension of CALEA to “unmanaged” VoIP networks (that is, peer-to-peer networks like Skype, as opposed to those like Vonage, whose centralized infrastructure mimics telephone networks), and the paranoid have long worried that spooks already have the capability to intercept Skype calls (fueled by hints and rumors). Yet the diminished ability to intercept new forms of communication appears to be of some concern to the FBI, and Skype has resisted government attempts to impose CALEA compliance (claiming to be both exempt from CALEA and technologically unable to satisfy requests). It seems likely that if Skype is in fact able to intercept calls, this secret is sufficiently closely held as to be unknown to many government agencies.
Can the stranger sharing my wireless network intercept my Skype calls?
Short answer: probably not.
As described by Berson in the previously-mentioned security evaluation, Skype uses industry-standard end-to-end encryption: according to that report, media is encrypted with 256-bit AES under per-session keys negotiated with RSA, so a passive listener on the same wireless network sees only ciphertext. If the dude next to you in the coffee shop had heard of a backdoor, I would hope I’d have heard of it, too.
Unlike many of the things people do over insecure wireless (using competing instant messaging services, numerous webmail providers, and social networking sites, many of which still send session cookies or message bodies in the clear), Skype appears to be one of the safer applications you can use over an untrusted network.
Can other Skype users intercept my calls?
Again, owing to Skype’s use of end-to-end encryption, probably not. However, other Skype users may be able to learn your IP address, so Skype-to-Skype calls cannot be considered particularly anonymous: at least some of the time, Skype connects conversing users directly, without intermediation from a “supernode,” and a direct connection necessarily discloses each party’s IP address to the other.
Even when a call is relayed, the Skype architecture lets nodes with spare computing resources and bandwidth act as a proxy for two conversing nodes, so the stranger whose machine is relaying your call can see the IP addresses of both your computer and the computer you’re talking to. This is certainly a disclosure of information, but it’s probably not one most of us care about.
Can Skype or the NSA intercept my calls?
If Skype wanted to build in the capability to do so, it would be easy. If Skype wanted to build in the capability to do so and be sure they won’t be detected, that is probably much harder. In order to truly hide intercepts, Skype would have to change some fundamentals of the protocol such that the behavior of normal conversations and intercepted conversations are indistinguishable.
Perhaps more compelling, the FBI’s lobbying on CALEA strongly implies that the FBI, at least, does not have such a capability. (See “Update 2,” below.)
Thus for the normal range of use, Skype seems far safer from government, operator, and malicious neighbor intrusion than both cellphones and landlines, neither of which uses encryption of any worth (cellphones do encrypt the radio link, but many of the popular algorithms are weak and easily broken, and the call travels in the clear once it reaches the carrier’s network). Yet Skype runs on your computer, and is thus vulnerable to the full range of malware that people are always complaining about. If you can’t trust the computer itself, it doesn’t matter how secure Skype is.
Bear in mind, however, that this analysis applies only to the confidentiality of Skype conversations. Skype does little to hide its traffic from a determined attacker; an ISP or government agency with sufficient access could likely determine who talks to whom on Skype. Skype does not appear to use onion routing or anything like it to hide the endpoints of a call, and even if it did, a sufficiently resourced adversary could use traffic fingerprinting to correlate the conversing parties. Skype is a good way for users to engage in probably-secret conversations; it does not, however, keep secret that the conversation took place.
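To make the traffic-fingerprinting point concrete, here is an added example (not code from the original post, and not Skype’s own protocol) of how an observer who sees only encrypted flow volumes at a relay can still pair up the two legs of a relayed call. The model is an assumption of the example: per-second byte counts for every flow touching a relay node S, with a two-way call producing an inbound flow A→S and an outbound flow S→B whose volumes rise and fall together as the speakers talk and pause. All flow records and IP addresses below are constructed; there is no real capture.

```python
"""Added example, not from the original post: pairing relayed call flows
by traffic-volume correlation.

Model (an assumption of this example): an ISP or agency sees per-second byte
counts for every flow touching a relay node S (a "supernode" in the post's
terms). Payloads are encrypted, but a call relayed through S produces an
inbound flow A->S and an outbound flow S->B whose volumes rise and fall
together (talk bursts versus silence). Pairing each inbound flow with the
outbound flow it correlates with best recovers who talked to whom.
All flow records below are constructed; there is no real capture.
"""
import math
import random
from itertools import product


def pearson(xs, ys):
    """Pearson correlation of two equal-length series (0.0 if either is constant)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def pair_flows(inbound, outbound, threshold=0.8):
    """Greedily match inbound to outbound flows by correlation.

    inbound / outbound: {endpoint_ip: [bytes per second]} as seen at the relay.
    Returns [(inbound_ip, outbound_ip, r)], best matches first; flows with no
    partner above `threshold` (signalling, keepalives) are left unpaired.
    """
    scored = sorted(((pearson(inbound[a], outbound[b]), a, b)
                     for a, b in product(inbound, outbound)), reverse=True)
    used_in, used_out, pairs = set(), set(), []
    for r, a, b in scored:
        if r < threshold:
            break
        if a in used_in or b in used_out:
            continue
        pairs.append((a, b, round(r, 3)))
        used_in.add(a)
        used_out.add(b)
    return pairs


# --- constructed sample data -------------------------------------------------
# A call's volume profile: ~5 KB/s while the caller talks, a few hundred bytes/s
# of keepalive / comfort-noise traffic otherwise. Two calls, different schedules.
def talk_profile(talk_seconds, seed, duration=60):
    rng = random.Random(seed)
    return [rng.randint(4000, 6000) if s in talk_seconds else rng.randint(250, 350)
            for s in range(duration)]


def as_seen_on_wire(profile, seed):
    """Each leg of the relayed call gets its own small jitter (packetisation,
    timing), so the two legs are similar but not identical."""
    rng = random.Random(seed)
    return [max(0, v + rng.randint(-150, 150)) for v in profile]


CALL_1 = talk_profile(set(range(0, 10)) | set(range(20, 35)) | set(range(45, 60)), seed=1)
CALL_2 = talk_profile(set(range(5, 20)) | set(range(30, 45)), seed=2)

INBOUND = {                      # flows arriving at the relay S (constructed)
    "10.0.0.5": as_seen_on_wire(CALL_1, seed=11),
    "10.0.0.9": as_seen_on_wire(CALL_2, seed=12),
}
OUTBOUND = {                     # flows leaving S (constructed)
    "192.0.2.40": as_seen_on_wire(CALL_2, seed=13),
    "192.0.2.77": as_seen_on_wire(CALL_1, seed=14),
    "198.51.100.3": [random.Random(15).randint(200, 300) for _ in range(60)],  # unrelated signalling
}

if __name__ == "__main__":
    for a, b, r in pair_flows(INBOUND, OUTBOUND):
        print(f"{a} -> S -> {b}  (r = {r})")
```

The greedy pairing is deliberately simple; the point is that the ciphertext never has to be read. Anything that breaks the volume correlation (constant-rate padding of the media stream, or mixing many calls through the same relay with fixed-rate cover traffic) is what it would take to defeat it, and Skype does none of that.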
Addendum: More Details for the Curious
I do want to be clear that Skype’s architecture makes it much more difficult to verify with traffic analysis that there is no backdoor. Since Skype connects to “supernodes” (read: strangers’ computers) by design, it would be easy to exfiltrate data in such a manner without raising eyebrows. That said, in discussions as murky as these, I think it is useful to re-read the excellent classic “Reflections on Trusting Trust,” if for no other reason than to remind us of how little we can trust the software we use every day. It would be easier for Skype to exfiltrate user data than it would be for Windows (but, perhaps, harder than for GMail). I think that probably puts Skype within the realm of products most users consider “safe.”
Update (March 16, 2011)
An article published today in The Guardian notes that Privacy International has raised a number of concerns about Skype. These are as follows:
- Use of arbitrary names to identify users could lead to spoofing.
- The application is downloaded over HTTP.
- Skype may be open to traffic analysis on the encrypted audio streams. This analysis may allow identification of the original spoken text with a fair degree of accuracy.
These are valid concerns, but perhaps require some context.
For the first, I think PI is worried that allowing users to select their own usernames makes spoofing easier (if I want to intercept a conversation between “Alice” and “Bob,” I can create the usernames “A1ice” and “Bob_” and perform a man-in-the-middle attack). I’m not sure I buy this; user ID numbers are also easy to spoof simply because most people can’t validate numbers very well. More could be done to validate user names, to be sure, but Skype already has a “contacts” list–anyone not on that list will appear to be an unknown account (and depending on the user’s privacy settings, may be unable to contact the user).
The second is a completely valid concern: an installer fetched over plain HTTP can be replaced with a trojaned one by anyone on the path, including the same coffee-shop neighbor. Users should download only over HTTPS. This is, unfortunately, a very common problem. It is, however, mitigated (on Windows) by the fact that Skype distributes a signed binary, provided the user actually checks the publisher shown when the installer runs.
The third problem is by far the most serious, and refers to this work out of Johns Hopkins. The attack exploits the fact that a variable bit-rate (VBR) speech codec produces packets whose sizes depend on the sound being encoded; encryption hides the contents of each packet but not its length, so the sequence of packet sizes leaks information about what was said. This is a defect that Skype will hopefully fix, but I won’t hold my breath: the mitigation (padding packets to a constant size, or using a constant bit-rate codec) significantly increases the bandwidth overhead of the protocol, so there’s a strong argument against fixing it. Unfortunately, users have little choice in the matter, since Skype is a closed implementation. (As far as I can tell, this same attack would apply to any VoIP client running over Zfone if that client used VBR encoding–which I suspect most do.)
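The following is an added toy model of the VBR side channel and its padding mitigation; it is not code from the original post and not the Johns Hopkins classifier. The phoneme-to-frame-size table is invented for the example and is not Skype’s codec; the “utterance” is a constructed string of letters standing in for phonemes. What it shows is the shape of the problem: length-preserving encryption leaves the size sequence intact, a phrase’s size fingerprint can be spotted in that sequence, and padding every frame to a constant size removes the signal at a measurable bandwidth cost.

```python
"""Added example, not from the original post nor from the Johns Hopkins work it
links: a toy model of the VBR packet-length side channel and its padding fix.

A variable bit-rate speech codec emits frames whose size depends on the sound
being encoded. Per-packet encryption hides the bytes but not their length, so
an observer on the path sees the size sequence and can look for the size
"fingerprint" of a phrase. The phoneme-to-frame-size table below is invented
for the example; it is not Skype's codec, and the matcher is not the published
classifier.
"""
import os

# Constructed (hypothetical) codec table: phoneme symbol -> encoded frame bytes.
# "_" stands for the inter-word silence frame.
PHONEME_FRAME_SIZE = {
    "h": 22, "e": 41, "l": 35, "o": 48, "w": 27, "r": 33, "d": 24, "a": 45,
    "t": 18, "k": 20, "s": 15, "n": 30, "i": 38, "_": 10,
}


def encode_vbr(phonemes):
    """Toy VBR codec: one frame per phoneme, size looked up in the table."""
    return [PHONEME_FRAME_SIZE[p] for p in phonemes]


def encrypt_frames(frame_sizes):
    """Stand-in for length-preserving encryption (e.g. a stream cipher):
    the observer gets random bytes of exactly the original length."""
    return [os.urandom(n) for n in frame_sizes]


def observed_lengths(packets):
    """What a passive observer on the path can record: packet sizes only."""
    return [len(p) for p in packets]


def match_score(window, fingerprint, tolerance=2):
    """Fraction of positions where the observed size is within `tolerance`
    bytes of the fingerprint; tolerance absorbs small codec variation."""
    hits = sum(1 for w, f in zip(window, fingerprint) if abs(w - f) <= tolerance)
    return hits / len(fingerprint)


def spot_phrase(lengths, target_phonemes, threshold=0.9):
    """Offsets in the size stream where the target phrase's fingerprint appears."""
    fp = encode_vbr(target_phonemes)
    return [i for i in range(len(lengths) - len(fp) + 1)
            if match_score(lengths[i:i + len(fp)], fp) >= threshold]


def pad_to_constant(frame_sizes, size=max(PHONEME_FRAME_SIZE.values())):
    """Mitigation: pad every frame to a fixed size so lengths carry no signal."""
    return [max(n, size) for n in frame_sizes]


def padding_overhead(frame_sizes):
    """Bandwidth cost of the mitigation: padded bytes / original bytes."""
    return sum(pad_to_constant(frame_sizes)) / sum(frame_sizes)


# Constructed utterance; letters stand in for phonemes.
CALL = list("hello_world_this_is_a_test")

if __name__ == "__main__":
    wire = observed_lengths(encrypt_frames(encode_vbr(CALL)))
    print("VBR stream, 'hello_world' found at:", spot_phrase(wire, list("hello_world")))
    padded = observed_lengths(encrypt_frames(pad_to_constant(encode_vbr(CALL))))
    print("padded stream, found at:", spot_phrase(padded, list("hello_world")))
    print(f"padding overhead: {padding_overhead(encode_vbr(CALL)):.2f}x")
```

With this toy table the padding roughly doubles the bytes on the wire, which is the bandwidth argument against the fix; a real codec’s overhead depends on how far its smallest frames sit below its largest, but the trade-off is the same.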
Update 2 (March 23, 2011)
The certificate authority Comodo has announced what it describes as an Iranian, apparently state-sponsored attack on its infrastructure that led to the issuance of a number of fraudulent SSL certificates for Google, Yahoo, Microsoft, and Skype. Combined with the ability to redirect traffic (via DNS or control of the network path), these certificates would allow an attacker to impersonate the targeted site and intercept encrypted logins. The presence of Skype on that list would seem to imply that the Iranians, at least, have no other way of reliably intercepting Skype conversations (though it does not categorically rule out the presence of less reliable methods, such as the VBR attack described above).