Skype Communication Protocol Cracked

hunt3r

Discoverer
A black day for Skype just started as, according to several reports, Skype's VoIP protocol has been reverse engineered by a company in China. The informant said that his company had been working on opening up Skype's protocol for some time, and now an application has been developed that can call any Skype user from anywhere in the world.

The reports indicated that the software team that worked on this project had to be able to look through Skype's database of users, find client profiles, negotiate call sessions and even link up through Skype's encryption. Initial testing indicated that while the program worked, it was still in development stages. Calls had "noticeable echo" and call quality fluctuated from decent to good. At the moment, instant messaging to Skype users is not available but the company spokesperson said that a public release will be ready by August of this year. The company hopes to introduce a fully-compatible Skype alternative.

Skype was recently purchased by eBay for integration into its popular online auction system. eBay said that with Skype, eBay users will be able to use a feature called Skype Me to communicate directly with each other -- problems and questions can occur in real time between seller and buyer. With Skype's VoIP protocol cracked open, many are wondering if this will negatively affect the eBay-Skype integration. Neither eBay nor Skype has responded.

Source: Skype Communication Protocol Cracked
 
I wish you had dug a bit deeper, hunt3r.

Although it's a good find, I just wish you had backtracked on the story; you would have found this little jewel, which talks more freely about what the Chinese have actually been able to do & the implications of the same.

Little more info here
voipwiki blog said:
The Skype protocol was reverse-engineered and some aspects were publicly discussed four months ago, albeit with more emphasis on security ramifications and without a commercial/competitive motive or product plan. See the presentation from Philippe Biondi and Fabrice Desclaux from Blackhat Europe at http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf. It’s a nice piece of work, and I can’t imagine the Chinese team was unaware of it!

With regard to the underlying cryptographic protocols (as opposed to the more implementation-oriented study above), Tom Berson’s excellent analysis can be found at http://www.skype.com/security/files/2005-031 security evaluation.pdf

An interesting thing came up while going through stuff on Supernodes: it seems that it involves a little bit of overhead on bandwidth due to the supernode concept & NAT Traversal. Now that tells me where the extra bits go :)

Source: The Register
 