[ISN] Has Skype been cracked?

From: InfoSec News (alerts@private)
Date: Sun Jul 16 2006 - 23:16:29 PDT


http://news.zdnet.co.uk/0,39020330,39278709,00.htm

By David Meyer
ZDNet UK
July 14, 2006

Skype has moved quickly to try and scotch rumours of an imminent clone a 
development which would threaten the VoIP client's business model by 
introducing interoperability with its rivals

Skype's model of being a communications island could be under threat, if 
reports that its voice and instant messaging client has been successfully 
reverse engineered are true.

According to Charlie Paglee, the chief executive of a Chinese-American 
Internet telephony (VoIP) company called Vozin Communications, engineers 
from a small Chinese startup have managed to crack Skype's protocol.

Writing on his VoIPWiki blog on Thursday, Paglee claimed he had been made 
aware of the development when a member of the team successfully called him 
on his Skype account from another VoIP client.

The as-yet-unidentified company is reportedly working towards a client 
that is "100 percent" compatible with Skype. If these reports are correct, 
they have so far succeeded only in peer-to-peer voice calls, but are now 
concentrating on emulating Skype's instant messaging (IM) and presence 
(the ability to see which of your contacts are online) capabilities.

Skype itself reacted to the news with a statement on Friday, saying it had 
"no evidence to suggest that this is true".

"Even if it was possible to do this, the software code would lack the 
feature set and reliability of Skype which is enjoyed by over 100 million 
users today.  Moreover, no amount of reverse engineering would threaten 
Skype's cryptographic security or integrity," Skype continued.

The main problem for Skype is that its business model is largely based on 
being a closed system, according to telecoms analyst James Enck of Daiwa 
Securities.

Referring to recent IM interoperability agreements between Microsoft and 
Yahoo, and Google and AOL, Enck told ZDNet UK that Skype was becoming 
increasing unusual in being a "disconnected IM island".

"Skype has been fairly unique against this background in not pursuing some 
direct peering or federation with one of these other IM bases, so maybe 
someone is going to do that for them," Enck said on Friday.

"If someone's working on something that opens that up to other 
possibilities, where someone can federate all their contacts from IM 
platforms, arguably communications become a lot richer, but maybe the 
Skype ecosystem becomes damaged because they don't have that lock on the 
address book. It seems to remove one element of control that they've had 
all this time."

Enck added that Skype could have difficulty in targeting the engineers 
over intellectual property rights as they are based in China.

Less than a year ago, Skype was bought by eBay, which aims to use it as a 
communications tool within its online auctions. It is also thought that 
the client might at some point begin to bear advertising a model which may 
be in trouble if an ad-free Skype clone becomes available.

eBay was not available for comment at the time of writing.


_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Sun Jul 16 2006 - 23:29:03 PDT