Hiding in plain silence via Skype

Skype 1.0 running on an Android 2.2 device (Photo credit: Wikipedia)

This week’s New Scientist reports that Polish computer scientist Wojciech Mazurczyk and his colleagues have found a way to use silence in Skype calls to encrypt data.

Silence in Skype is signified by 70-bit packets instead of the 130-bit packets that carry speech. Skype Hide allows users to inject encrypted data into those 70 bits.

An eavesdropper listening to the call would therefore hear nothing.

Of course that wouldn’t stop somebody delving into the packets and rooting out the encrypted data – whether they could decrypt that is another matter.

In the end Skype probably cannot be trusted for secure communications because its algorithms are proprietary – we simply do not know in detail how it works and whether anybody is cracking it.

Having worked with opposition politicians who use Skype to evade state intrusion, this lack-of-trust-by-design has always bothered me: but it is hard to explain one-way functions to most people anyway.

Skype Hide is due to be publicly demo’ed in June at a steganography conference in Montpellier.