Skype black hatted


“Can we snoop on your Skype communications? Can we decipher them from a dead capture? Can we impersonate you? Can we get information from your local network if you use Skype? Can we take control of your machine if you use Skype? To what extent can the use of Skype put your data and organisation at risk?” These questions are becoming more and more important as companies that want to switch to Internet telephony hold back because of VoIP security issues.

Philippe Biondi and Fabrice Desclaux, two French research engineers at EADS (European Aeronautic Defense and Space), tried to answer them as best they could. They turned Skype upside down, challenged its security mechanisms and did some reverse engineering. At the last edition of BlackHat, a convention for security professionals created by Jeff Moss, also founder of DefCon (’the’ annual hackers’ convention held in Las Vegas), the two engineers presented their report, entitled “Silver Needle in the Skype”. Here’s their verdict:

The good points are:

  • Skype was made by clever people
  • Good use of cryptography

The bad aspects:

  • Hard to enforce a security policy with Skype
  • Jams traffic, can’t be distinguished from data exfiltration
  • Incompatible with traffic monitoring, IDS
  • Impossible to protect from attacks (which would be obfuscated)
  • Total blackbox. Lack of transparency.
  • No way to know if there is/will be a backdoor
  • Fully trusts anyone who speaks Skype.

(the presentation, in pdf format) via

Mar 21, 2006 | By Nuno


21talks: Tracking the telecoms evolution