Skype cracked. Does China have a back door to online calls?
A Chinese company has reverse-engineered Skype's voice over IP protocols, which could allow them - or the Chinese government - to block Skype communications in censorship-happy China, Charlie Paglee reported on his blog last week.
Today I received a call through Skype from a friend at a company in China, except he told me he was not using Skype to call me. His company has successfully reverse engineered the Skype protocol and he wanted to call me in the United States to see how it worked between physically distant IP addresses. We talked for a little over nine minutes before the call dropped. Then I called him back using my Skype and we spoke for another three minutes.The first time we talked there was a noticeable echo on my end. The second time the voice quality was good ol’ Skype crystal clear. At present they only support placing Skype peer-to-peer phone calls and they have not yet implemented presence. They have plans to add presence, instant messaging, and a host of other features. Their end goal is to create a client 100% compatible with Skype. They sent me a screen shot of their software (below) and my IP address was 100% correct.
Following press accounts of the news, Skype issued a denial stating:
“Skype is aware of the claim made by a small group of Chinese engineers that they have reverse engineered Skype software. We have no evidence to suggest that this is true. Even if it was possible to do this, the software code would lack the feature set and reliability of Skype which is enjoyed by over 100 million users today. Moreover, no amount of reverse engineering would threaten Skype’s cryptographic security or integrity.”
While news reports have this as a big sigh of relief for the company and users, Paglee sees it as nothing more than head in the sand behavior.
No evidence.” The only reason Skype has no evidence is because they have not asked for any.They say “Even if it was possible to do this”. Skype made the decision to protect their technology through “Security By Obscurity”. A college student was able to crack the DVD security and a professor / student team in Israel cracked the GSM code. So not only was it possible, it was an eventual certainty. If Skype claimed otherwise Meg Whitman should be asking for her money back.
But Skype saved the most interesting for last: “Moreover, no amount of reverse engineering would threaten Skype’s cryptographic security or integrity.”
There is a very powerful opposing view to Skype’s spin that no company could develop a software that would match Skypes “security” or “integrity”. Indeed, security issues have been a continuing detractor hindering Skype growth in business environments. Skype has some serious security issues.