GCHQ VoIP software can be used to eavesdrop

The backdoor could allow agents, employers or third parties to listen in on conversations

Snooping

The GCHQ has developed VoIP encryption tools with a built-in backdoor, allowing both authorities and third parties to listen in on conversations.

The backdoor is embedded into the MIKEY-SAKKE encryption protocol and has a 'key escrow' built in, allowing those with authority - whether an employer or government agency - to access it if a warrant or request is made.

The backdoor was uncovered by Dr Steven Murdoch, a security researcher from the University of London, who wrote a blog about the potential snooping tool.

He explained that MIKEY-SAKKE has a monopoly over other security protocols used by approved government voice communications, meaning almost all software used for communication is using the encryption, with the enbedded backdoor. GCHQ can also insists the technology is used in other products used by the public sector and companies "operating critical national infrastructure".

"Although the words are never used in the specification, MIKEY-SAKKE supports key escrow," Murdoch wrote. "That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening."

He explained this is being marketed as a benefit to using MIKEY-SAKKE rather than a bug, with documentation issued by GCHQ advertising it means employers can listen into voice communications when investigating into misconduct trials.

"The Government should come to the realisation that the inclusion of backdoors in encryption isn't merely a legislative or privacy mandate, however, it is technically impossible to control the use of a backdoor in this way." Justin Harvey, chief security officer at Fidelis Cybersecurity said. 

"I liken the pro-backdoor encryption movement to complaints about the weather; some people complain about rain, snow or sunshine and wish it were otherwise, but in the end, we can't do anything about it. The same is true for strong encryption."

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

HPE inks $2 billion high-performance computing deal with the NSA
high-performance computing (HPC)

HPE inks $2 billion high-performance computing deal with the NSA

1 Sep 2021
White House launches tech fellowship program to tackle key issues
Policy & legislation

White House launches tech fellowship program to tackle key issues

31 Aug 2021
Synology DVA3221 review: Much more than a NAS
network attached storage (NAS)

Synology DVA3221 review: Much more than a NAS

22 Jul 2021
Department of Health and Human Services must improve cyber security info sharing
Security

Department of Health and Human Services must improve cyber security info sharing

30 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
The technology powering the future of shopping
Technology

The technology powering the future of shopping

16 Sep 2021