Skype Unveiled – Silver Needle in the Skype

At recent Blackhat Europe, Philippe BIONDI and Fabrice DESCLAUX published their latest investigation on Skype titiled “Silver Needle in the Skype“. Previously a test by Network World studied the cryptography algorithm underneath Skype and drew a conclusion that Skype is security enough for end users.  Another whitepaper by Tom Berson expressed the similar viewpoint.  But, with heavy reverse engineering of Skype, Philippe and Fabrice investigated deeply how Skype operates and exchange information. The following is their conclusion:

Good points
      Skype was made by clever people
      Good use of cryptography
Bad points
      Hard to enforce a security policy with Skype
      Jams traffic, can’t be distinguished from data exfiltration
      Incompatible with traffic monitoring, IDS
      Impossible to protect from attacks (which would be obfuscated)
      Total blackbox. Lack of transparency.
      No way to know if there is/will be a backdoor
      Fully trusts anyone who speaks Skype.

I agree mostly to the author by my Top Ten Concern to Skype Security.🙂

One Response to Skype Unveiled – Silver Needle in the Skype

  1. […] Confesso che ho trovato a suo tempo questa risposta un po’ capziosa, oltre che contraria allo “spirito” di Internet. Vedo però che i dubbi su Skype si stanno comunque diffondendo. Cito questo articolo apparso su Madpenguin SIP vs. Skype: Making the “Open” Choice. Più tecnico l’articolo Silver Needle in the Skype che si può scaricare da qui. Come si dice: stiamo a vedere. […]

%d bloggers like this: