The video calling service Skype recently made a change to how it routes calls.
Yawn, right? But here’s where it gets a little juicier: Hackers and bloggers are saying the changes, which push some of the video calling process onto Skype’s own computers instead of onto random machines on the Internet, could help the app spy on users’ calls, presumably at the request of a court or government.
“Reportedly, Microsoft is re-engineering these supernodes to make it easier for law enforcement to monitor calls by allowing the supernodes to not only make the introduction but to actually route the voice data of the calls as well,” Tim Verry, from the website ExtremeTech, wrote last week…
“In this way, the actual voice data would pass through the monitored servers and the call is no longer secure. It is essentially a man-in-the-middle attack, and it is made all the easier because Microsoft — who owns Skype and knows the keys used for the service’s encryption — is helping…”
“Historically, Skype has been a major barrier to law enforcement agencies,” writes Ryan Gallagher at Slate. “Using strong encryption and complex peer-to-peer network connections, Skype was considered by most to be virtually impossible to intercept….”
Peter Eckersley of the Electronic Frontier Foundation…already does not recommend that people who live in authoritarian regimes use Skype, because of the relative likelihood that communications could be tapped…
“As of 2012 we don’t believe the Skype architecture is secure,” he said. “There are a lot of people out there, a lot of governments out there, that have the means to break Skype, and this remains true regardless of whatever Microsoft just changed.”
Mission accomplished, eh?