GCHQ VoIP software can be used to eavesdrop


The GCHQ has developed VoIP encryption tools with a built-in backdoor, allowing both authorities and third parties to listen in on conversations.

The backdoor is embedded into the MIKEY-SAKKE encryption protocol and has a 'key escrow' built in, allowing those with authority - whether an employer or government agency - to access it if a warrant or request is made.

The backdoor was uncovered by Dr Steven Murdoch, a security researcher from the University of London, who wrote a blog about the potential snooping tool.

He explained that MIKEY-SAKKE has a monopoly over other security protocols used by approved government voice communications, meaning almost all software used for communication is using the encryption, with the enbedded backdoor. GCHQ can also insists the technology is used in other products used by the public sector and companies "operating critical national infrastructure".

"Although the words are never used in the specification, MIKEY-SAKKE supports key escrow," Murdoch wrote. "That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening."

He explained this is being marketed as a benefit to using MIKEY-SAKKE rather than a bug, with documentation issued by GCHQ advertising it means employers can listen into voice communications when investigating into misconduct trials.

"The Government should come to the realisation that the inclusion of backdoors in encryption isn't merely a legislative or privacy mandate, however, it is technically impossible to control the use of a backdoor in this way." Justin Harvey, chief security officer at Fidelis Cybersecurity said.

"I liken the pro-backdoor encryption movement to complaints about the weather; some people complain about rain, snow or sunshine and wish it were otherwise, but in the end, we can't do anything about it. The same is true for strong encryption."

Clare Hopping
Freelance writer

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.

Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.

As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.