Skip to main content

Can Skype 'wiretap' video calls?

John D. Sutter, CNN
Microsoft CEO Steve Ballmer and Skype CEO Tony Bates at a press conference in 2011.
Microsoft CEO Steve Ballmer and Skype CEO Tony Bates at a press conference in 2011.
STORY HIGHLIGHTS
  • Skype has made technical changes to the way calls are placed
  • The calls now are routed by Microsoft- or Skype-owned computers
  • Previously, other computers on the network served in this directory function
  • The change makes some people worry the company could "wiretap" video calls

(CNN) -- The video calling service Skype recently made a change to how it routes calls.

Yawn, right? But here's where it get a little juicier: Hackers and bloggers are saying the changes, which push some of the video calling process onto Skype's own computers instead of onto random machines on the Internet, could help the app spy on users' calls, presumably at the request of a court or government.

"Reportedly, Microsoft is re-engineering these supernodes to make it easier for law enforcement to monitor calls by allowing the supernodes to not only make the introduction but to actually route the voice data of the calls as well," Tim Verry, from the website ExtremeTech, wrote last week. (Supernodes are third-party computers that act as a sort of directory service for routing calls.)

"In this way, the actual voice data would pass through the monitored servers and the call is no longer secure. It is essentially a man-in-the-middle attack, and it is made all the easier because Microsoft -- who owns Skype and knows the keys used for the service's encryption -- is helping."

Other news outlets, including Forbes and Slate, picked up on the discussion. Forbes says there is "tremendous buzz" in the hacker community on this topic.

The problem? It's unclear what exactly changed, and a Skype spokesman contacted by CNN for clarification would not release more than a pre-written statement.

Chaim Haas, the spokesman, would not say, for instance, if the update actually enabled the company to tap into and record Skype calls. He also would not answer questions about when the update took place or whether wiretapping was a motive.

"As part of our ongoing commitment to continually improve the Skype user experience, we developed supernodes, which can be located on dedicated servers within secure datacenters," the statement from Skype says. "This has not changed the underlying nature of Skype's peer-to-peer (P2P) architecture, in which supernodes simply allow users to find one another (calls do not pass through supernodes).

"We believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community."

Skype, which grew out of the peer-to-peer downloading network Kazaa and how has 254 million "connected" users per month, has a long reputation for guarding the privacy of its callers. Skype calls usually are routed from one caller to another, rather than through a middleman.

"Historically, Skype has been a major barrier to law enforcement agencies," writes Ryan Gallagher at Slate. "Using strong encryption and complex peer-to-peer network connections, Skype was considered by most to be virtually impossible to intercept."

For technical reasons, this meant that Skype actually could not comply with an order to wiretap a particular Skype user's conversations, a spokeswoman told the tech news site CNET in 2008. "We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications," the spokeswoman said. "In any event, because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."

But after the recent change, some insiders are speculating that such digital eavesdropping may indeed be possible.

The difference involves the third-party "supernode" computers. Until recently, those supernodes were other Skype users who had fast Internet connections and could handle the work.

Now, according to Skype's statement, those supernodes have moved onto computers owned by Skype, which is owned by Microsoft. That has some people concerned.

Haas, Skype's spokesman, wrote that "it is also important to note that Skype calls DO NOT (emphasis his) pass through supernodes -- they act in a directory function only."

He added: "As was true before the Microsoft acquisition, Skype cooperates with law enforcement agencies as is legally required and technically feasible."

This seems to mean that Skype can't intercept calls just because it owns the supernodes now. The spokesman, however, declined to answer follow-up questions on this point.

Others are unsure what it means.

"I'm a little bit surprised and slightly skeptical about that statement" about how calls "do not pass through supernodes," said Peter Eckersley, technology projects director for the Electronic Frontier Foundation.

Maybe in most cases calls would not actually pass through a supernode in a way that they could be tracked, Eckersley said, but, for technical reasons, some types of computer connections may require a call to route though a supernode.

If you are really truly geek fluent, Eckersley's question for Skype may interest you:

"If two Skype users are firewalled so that they can only make outbound TCP connections and cannot make UDP connections, how do you route a call between those two users?"

Eckersley said he can't think of an answer, aside from pushing a call through a supernode, which now would be on a Skype- or Microsoft-owned computer.

In any event, Eckersley said, this update may not be all that significant in the big picture. His group already does not recommend that people who live in authoritarian regimes use Skype, because of the relative likelihood that communications could be tapped.

In dangerous places like Iran and Syria, using a service like Gmail is safer, he said.

"As of 2012 we don't believe the Skype architecture is secure," he said. "There are a lot of people out there, a lot of governments out there, that have the means to break Skype, and this remains true regardless of whatever Microsoft just changed."

More from CNN Tech:

Google honors young scientists

Facebook working on 'want' button?

Court bans Samsung tablet from sale in Europe

YouTube wants commenters to use real names

ADVERTISEMENT
Part of complete coverage on
updated 10:26 AM EST, Wed February 6, 2013
Advocates say the exam includes unnecessarily invasive and irrelevant procedures -- like a so-called "two finger" test.
updated 7:09 PM EST, Tue February 5, 2013
Supplies of food, clothing and fuel are running short in Damascus and people are going hungry as the civil war drags on.
updated 1:01 PM EST, Wed February 6, 2013
Supporters of Richard III want a reconstruction of his head to bring a human aspect to a leader portrayed as a murderous villain.
updated 10:48 AM EST, Tue February 5, 2013
Robert Fowler spent 130 days held hostage by the same al Qaeda group that was behind the Algeria massacre. He shares his experience.
updated 12:07 AM EST, Wed February 6, 2013
As "We are the World" plays, a video shows what looks like a nuclear attack on the U.S. Jim Clancy reports on a bizarre video from North Korea.
The relationship is, once again, cold enough to make Obama's much-trumpeted "reset" in Russian-U.S. relations seem thoroughly off the rails.
Ten years on, what do you think the Iraq war has changed in you, and in your country? Send us your thoughts and experiences.
updated 7:15 AM EST, Tue February 5, 2013
Musician Daniela Mercury has sold more than 12 million albums worldwide over a career span of nearly 30 years.
Photojournalist Alison Wright travelled the world to capture its many faces in her latest book, "Face to Face: Portraits of the Human Spirit."
updated 7:06 PM EST, Tue February 5, 2013
Europol claims 380 soccer matches, including top level ones, were fixed - as the scandal widens, CNN's Dan Rivers looks at how it's done.
updated 7:37 AM EST, Wed February 6, 2013
That galaxy far, far away is apparently bigger than first thought. The "Star Wars" franchise will get two spinoff movies, Disney announced.
updated 2:18 AM EST, Fri February 8, 2013
It's an essential part of any trip, an activity we all take part in. Yet almost none of us are any good at it. Souvenir buying is too often an obligatory slog.
ADVERTISEMENT