Cyberspace Sneaking: Sending Secret Messages Via Skype

Polish researchers have devised a way to send encrypted messages using Skype.

Silence is golden, especially for information smugglers. Polish researchers have devised a way to send secret messages during conversational breaks in phone calls made on Skype. Should their method go commercial, it could be a boon to criminals and law-abiders alike.

When two people talk over Skype, their speech travels from one place to another in data packets. Turns out, silences are conveyed in packets, too, albeit smaller ones than those toting words. After analyzing Skype traffic, the researchers realized that those little parcels of quiet were perfect vessels to surreptitiously load with encrypted content.

Their technique, dubbed “SkyDe” (a portmanteau of “Skype” and “hide”), falls under the umbrella of steganography—the art of sneaking messages from one place to another through an innocent carrier. In the digital world, prime message carriers fit certain criteria: They’re highly trafficked, and they can be modified in a way that goes undetected by those uninvolved in the code sharing. Skype turned out to be “an ideal candidate for a secret data carrier,” according to a paper about the researchers’ work.

SkyDe operates by identifying those silence packets—based on their size—and replacing their content with encrypted data. (How those packets are encrypted depends on the sender and the recipient. Many encryption algorithms are available; a popular one that jibes with Skype is Ever Password’s AES encryptor.) Then, a recipient employs SkyDe to monitor for clandestine messages, using an agreed-upon key to decode their data, once extracted. The exchange can occur between people who have set up a Skype call for their own secret purposes, or code-sharers can piggyback on an unaware, third party call. The researchers have plans to commercialize their product as an ad-on to Skype and are in touch with several companies, according to Wojciech Mazurczyk, an assistant professor at Warsaw University of Technology’s Institute of Telecommunications who helped develop SkyDe.

In the past, Skype has come under scrutiny for possible eavesdropping capabilities. “Today,” writes Ryan Gallagher in a blog post for Slate, “it still remains unclear whether Skype is actually in a position to ‘wiretap’ audio and video chats if under order issued by a law enforcement agency.” A product like SkyDe would help communicators maintain privacy, the researchers write, noting that Skype is also a “proprietary and closed software and thus, ultimately cannot be trusted.”

Besides James Bond, who would want to send encrypted messages in the first place? Though ne’er-do-wells such as hackers, pornographers, or even terrorists perhaps first come to mind, a method like SkyDe could help others, too, such as dissidents escaping censorship in authoritarian regimes, journalists, or companies that want to keep secrets of the trade under wraps. “This is the usual tradeoff,” says Mazurczyk. “Every invention can be used with good or bad intentions.” Ah, the power of silence.

Meet the Writer

About Julie Leibach

Julie Leibach is a freelance science journalist and the former managing editor of online content for Science Friday.