A VOIP encryption protocol the UK spy agency GHCQ is pushing for
mandatory adoption comes with a hidden surprise: a built-in backdoor
that lets anyone who has a master key decrypt the call. That’s according
to a security expert at University College in London, who published the
findings on his blog this week.
In a post titled “UK government (through GCHQ) are mandating a voice encryption protocol—MIKEY-SAKKE—with a key-escrow backdoor,” Stephen Murdoch argues that GHCQ’s push for this voice over internet security tool would make calls anything but secure.
GCHQ told BBC News it did not recognize the findings.
Dr Murdoch says the backdoor makes it possible to undermine the system’s
overall security because the network operator can listen in to your
session, or enable someone else to. And anyone who hacks into the system
would be able to eavesdrop, he said.
“The existence of a master private key that can decrypt all calls past
and present without detection, on a computer permanently available,
creates a huge security risk, and an irresistible target for attackers,”
“Also calls which cross different network providers (e.g., between
different companies) would be decrypted at a gateway computer, creating
another location where calls could be eavesdropped.”
Didn’t recognise the findings, that’s pretty much British for “Shit, they’re on to us!”
Any master key would be calculated in less than a month after launch and all VOIP would be insecure, including that business call between politicians… Sure do it…