At recent Blackhat Europe, Philippe BIONDI and Fabrice DESCLAUX published their latest investigation on Skype titiled “Silver Needle in the Skype“. Previously a test by Network World studied the cryptography algorithm underneath Skype and drew a conclusion that Skype is security enough for end users. Another whitepaper by Tom Berson expressed the similar viewpoint. But, with heavy reverse engineering of Skype, Philippe and Fabrice investigated deeply how Skype operates and exchange information. The following is their conclusion:
Skype was made by clever people
Good use of cryptography
Hard to enforce a security policy with Skype
Jams traffic, can’t be distinguished from data exfiltration
Incompatible with traffic monitoring, IDS
Impossible to protect from attacks (which would be obfuscated)
Total blackbox. Lack of transparency.
No way to know if there is/will be a backdoor
Fully trusts anyone who speaks Skype.
I agree mostly to the author by my Top Ten Concern to Skype Security. 🙂