Skype Unveiled – Silver Needle in the Skype

March 14, 2006

At the recent Black Hat Europe, Philippe BIONDI and Fabrice DESCLAUX published their latest investigation of Skype, titled “Silver Needle in the Skype”. Previously, a test by Network World studied the cryptographic algorithm underlying Skype and concluded that Skype is secure enough for end users. Another whitepaper, by Tom Berson, expressed a similar viewpoint. But, through heavy reverse engineering of Skype, Philippe and Fabrice investigated in depth how Skype operates and exchanges information. The following is their conclusion:

Good points
      Skype was made by clever people
      Good use of cryptography
Bad points
      Hard to enforce a security policy with Skype
      Jams traffic, can’t be distinguished from data exfiltration
      Incompatible with traffic monitoring, IDS
      Impossible to protect from attacks (which would be obfuscated)
      Total blackbox. Lack of transparency.
      No way to know if there is/will be a backdoor
      Fully trusts anyone who speaks Skype.

I mostly agree with the authors, as in my Top Ten Concern to Skype Security. 🙂