
Microsoft Upgrades Skype with Eavesdropping ‘Features’

After acquiring Skype for roughly 8.5 billion dollars, Microsoft’s update to the service’s architecture could reportedly make in-call eavesdropping much easier.


With Voice-over-IP taking the lion’s share of web-based communication, it’s reasonable to assume the information carried by Skype would be of great importance for government agencies. However, its decentralized, peer-to-peer architecture and complex encryption mechanisms have made eavesdropping nearly impossible for third parties.

A new report on ExtremeTech reveals that eavesdropping might just have become possible, as the Redmond-based company has moved “super-nodes” (key rally points for worldwide users) to dedicated servers that run Linux and are located in Microsoft’s data centers. Before the architecture change, a regular node (an actual Skype user) could be promoted to “supernode” if it could route sufficient traffic to other nodes. By moving supernodes into datacenters, Microsoft will have complete control over them, including access to conversations.

Multiple voices (1), (2) on the Internet have raised concerns about the privacy of conversations, as some of the VoIP data now passes through these supernodes, but the developer claims that the architecture update is only helping the network scale better.

“…we developed supernodes which can be located on dedicated servers within secure datacenters. This has not changed the underlying nature of Skype’s peer-to-peer (P2P) architecture, in which supernodes simply allow users to find one another (calls do not pass through supernodes),” said Mark Gillett, Skype’s Corporate VP of Product Engineering & Operations, quoted by ExtremeTech. “We believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community.”

Wiretapping is nothing new in the telecom area, and, following the purchase of Skype, Microsoft has entered this market. Since it’s a US-based company, it’s obliged by law to ensure wiretapping capabilities for its infrastructure, in order to comply with the Communications Assistance for Law Enforcement Act (CALEA), passed in 1994, “requiring telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time.”

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

2 Comments

  • There is no official confirmation that Skype can or will do this in the near future, thus “eavesdropping features” do not apply here.

    • Hey there, Rica. There is no doubt that the “eavesdropping features” really do exist, otherwise Skype would break the CALEA requirements I was talking about in the last paragraph, and I’m not sure that the Microsoft-owned Skype could actually afford that. My question was not whether they snoop on the VoIP traffic or not, but rather “is this the way they do it?”.

      Let’s not forget that Microsoft applied in 2009 for a patent on what we call “Legal Intercept”, a technology designed to “silently record communications on VoIP networks such as Skype”. It would make sense: they have the technology, the encryption keys and all they need is moving super-nodes away from users’ machines to locations they fully control.