GCHQ VoIP software can be used to eavesdrop
The backdoor could allow agents, employers or third parties to listen in on conversations
The GCHQ has developed VoIP encryption tools with a built-in backdoor, allowing both authorities and third parties to listen in on conversations.
The backdoor is embedded into the MIKEY-SAKKE encryption protocol and has a 'key escrow' built in, allowing those with authority - whether an employer or government agency - to access it if a warrant or request is made.
The backdoor was uncovered by Dr Steven Murdoch, a security researcher from the University of London, who wrote a blog about the potential snooping tool.
He explained that MIKEY-SAKKE has a monopoly over other security protocols used by approved government voice communications, meaning almost all software used for communication is using the encryption, with the enbedded backdoor. GCHQ can also insists the technology is used in other products used by the public sector and companies "operating critical national infrastructure".
"Although the words are never used in the specification, MIKEY-SAKKE supports key escrow," Murdoch wrote. "That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening."
He explained this is being marketed as a benefit to using MIKEY-SAKKE rather than a bug, with documentation issued by GCHQ advertising it means employers can listen into voice communications when investigating into misconduct trials.
"The Government should come to the realisation that the inclusion of backdoors in encryption isn't merely a legislative or privacy mandate, however, it is technically impossible to control the use of a backdoor in this way." Justin Harvey, chief security officer at Fidelis Cybersecurity said.
"I liken the pro-backdoor encryption movement to complaints about the weather; some people complain about rain, snow or sunshine and wish it were otherwise, but in the end, we can't do anything about it. The same is true for strong encryption."
The definitive guide to warehouse efficiency
Get your free guide to creating efficiencies in the warehouseFree download
The total economic impact™ of Datto
Cost savings and business benefits of using Datto Integrated SolutionsDownload now
Three-step guide to modern customer experience
Support the critical role CX plays in your businessFree download
The global state of the channelDownload now