×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Skype Protocol Has Been Cracked

Zonk posted more than 7 years ago | from the rising-in-the-east dept.

279

nsrCZ writes "The Skype core protocol has been reverse-engineered by a Chinese company. The interesting thing is, that although the protocol is closed, it is not patented and thus it is not against the law to crack it. If it's true, then it could affect the whole eBay/Skype business in many ways, including that they might not get their piece of the emerging Chinese cake." From the article: "By cracking the Skype protocol, the company claims it can also block Skype voice traffic, Paglee said. 'They could literally turn the lights off on Skype in China very, very quickly,' said Paglee, who is also a lawyer and engineer, speaking from California on Friday. The company could transfer the technology to the Chinese government, which has continually sought ways to tighten its filtering and control over the Internet. So far, the company doesn't have any plans to market its blocking capabilities, Paglee said."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

279 comments

Innovation (3, Insightful)

SleeknStealthy (746853) | more than 7 years ago | (#15719290)

I love how the Chinese innovate. Corporate espionage, reverse engineering and overall IP infringement...Skype should have patented its technology, but it's not like the Chinese respect IP anyway.

Re:Innovation (4, Insightful)

Anonymous Coward | more than 7 years ago | (#15719388)

I love how the Chinese innovate. Corporate espionage, reverse engineering and overall IP infringement...

Yes, the US have been a good master.

Re:Innovation (2, Funny)

LittleBigLui (304739) | more than 7 years ago | (#15719425)

Exactly. Reverse engineering is theft! And Skype should have patented not only their protocol but also talking itself!

Re:Innovation (0)

IANAAC (692242) | more than 7 years ago | (#15719678)

Reverse engineering is theft! And Skype should have patented not only their protocol but also talking itself!

Said the man (using Linux) from his wireless laptop :-)

Relax, I know you were joking.

Re:Innovation (4, Insightful)

spyrochaete (707033) | more than 7 years ago | (#15719568)

Thanks for sharing your generalizations about the most populous country in the world. Obviously every aspect of China meets your concise description.

Re:Innovation (3, Insightful)

IAmTheDave (746256) | more than 7 years ago | (#15719780)

Thank you - not to mention that every true innovation stands on the shoulders of giants who came before. Want to know why patents/copyrights are killing innovation? Because there are now police lines around those proverbial shoulders.

True, groundbreaking innovation is rarely anything more than a modification of an existing process or practice or idea or thought. An ingenious one, yes - but without the work that came before, there would be nothing. Stopping the work that can come after is nothing short of criminal.

Re:Innovation (2, Insightful)

c_forq (924234) | more than 7 years ago | (#15719818)

Come on now, he didn't comment on every aspect of China, just the corporate one. And to be fair in the corporate arena you pretty much have to do what the competition is doing to stay in business, wither it be espionage, bribes, maximizing efficiency, price cutting, or advertising.

Re:Innovation (3, Insightful)

JPribe (946570) | more than 7 years ago | (#15719595)

And patenting their protocol here in the States would have what effect in China? Please share, as I seem to have forgetten and am in need of a reminder.

Re:Innovation (5, Insightful)

sholden (12227) | more than 7 years ago | (#15719699)

Because the US respected all the British IP in its early days.

Re:Innovation (2, Insightful)

castoridae (453809) | more than 7 years ago | (#15719761)

Even if our ancestors were also "wrong", it's still "wrong" for China (defined as the collective group of infringing companies, government agencies and individuals which happen to reside and work in China) to do it.

* Quotes intentionally added to "wrong" to allay any possible tangent subthreads about how IP/patents/copyrights are in principal wrong/imorral/broken. Gotta know your audience. :-)

Re:Innovation (1)

Aardpig (622459) | more than 7 years ago | (#15719882)

Why exactly is it wrong? If the Chinese government gives the go ahead, can't Chinese entities do what the fuck they like with Skype? Or any other piece of software, for that matter?

Re:Innovation (4, Interesting)

Jeremy Erwin (2054) | more than 7 years ago | (#15719765)

Perhaps I'm being unrealistically naive, but the original concept of the patent system was "full disclosure for protection". During the patent term, manufacturers would have to obtain a license to duplicate the patented object, but after those 17 years were up, no assistance (engineering or otherwise_ from the original inventor would have been necessary-- because the invention had been fully disclosed.

If skype had patented its system, it would have had to disclose elements of its protocols which would make it quite easy for any espionage shop to infiltrate, route around or otherwise frustrate.

Consider, for instance, a lock manufacturer. Their cylinders are described in exquisite detail in their patents. A person skilled in the art of lock-picking might find their patents to be of particular interest. But if the lock incorporates security mechanisms which defeat all potential attacks, it doesn't matter if they are disclosed.

However, if the companies key manufacturing division and distribution network are infiltrated, then a duplicate key can probably be manufactured with a modicum of difficulty. That's why such practices are not disclosed in the patent, and are usually subject to "trade secret" regulations.

P.S. I'm not so sure that the NSA and CIA let IP laws get in the way of espionage.

Re:Innovation (1)

Anonymous Coward | more than 7 years ago | (#15719782)

I love how the Chinese innovate. Corporate espionage, reverse engineering and overall IP infringement...Skype should have patented its technology, but it's not like the Chinese respect IP anyway.

They're more American than the United States!

Re:Innovation (3, Insightful)

tomstdenis (446163) | more than 7 years ago | (#15719851)

Um hello, IBM PC clones anyone?

Oh that's right you were born in the 90s and don't remember the 80s.

Kids these days...

I'd assumed they'd done this already. (0)

Macthorpe (960048) | more than 7 years ago | (#15719302)

China are blocking something to prevent people talking about things they shouldn't?

Say it ain't so!

Grammar Nazi to the Rescue (-1)

Anonymous Coward | more than 7 years ago | (#15719565)

Grammar Nazi strikes again ...

China are blocking

Is there now more than 1 China?

Re:Grammar Nazi to the Rescue (0, Offtopic)

Anonymous Coward | more than 7 years ago | (#15719714)

Incorrect. "China" is being used as shorthand for "the members of the government of China" (or similar) therefore "are" is a perfectly valid word to use.

Re:Grammar Nazi to the Rescue (2, Insightful)

tprox (621523) | more than 7 years ago | (#15719720)

Talking into a teapot or a teacup would probably block most of the sound provided you weren't talking very loud.

Re:I'd assumed they'd done this already. (1, Interesting)

Anonymous Coward | more than 7 years ago | (#15719738)

yes they are already blocking http://anonet.org/ [anonet.org] and all of its subdomains but intermitantly, its a great tool, i just hope the chinese doesn't block VPN's next! for those in china, use tor to access the site, same goes for those in the _peoples republic of amerika, franKe, germEny oh and soon engFand.

Hmm (-1)

Anonymous Coward | more than 7 years ago | (#15719303)

What's to stop them from changing the protocol now?

backward compatibilirty (-1, Troll)

Anonymous Coward | more than 7 years ago | (#15719407)

dumbass.

Re:backward compatibilirty (0)

Anonymous Coward | more than 7 years ago | (#15719649)

If I had mod points, I'd mod you insightful. What an intelligent comment my friend :)

Open Source? (1, Insightful)

guruevi (827432) | more than 7 years ago | (#15719304)

Open source it and put it in a decent project like say, Asterisk... I hate Skype just because their protocol is closed. I can't do anything useful with it except when I use their crap.

Re:Open Source? (4, Funny)

Macthorpe (960048) | more than 7 years ago | (#15719366)

So your solution to China cracking the protocol is to make it open-source.

You are a genius.

Re:Open Source? (3, Insightful)

BioCS.Nerd (847372) | more than 7 years ago | (#15719514)

What the hell is that supposed to mean? First of all, let's address this statement:

I can't do anything useful with it except when I use their crap.

Perhaps you wrote this incorrectly, but, by definition, nothing is useful unless you use it. Would you care to elaborate why you think their service is useless crap? Oh yes, this nugget of gold:

... I hate Skype just because their protocol is closed.

(emphasis mine)

What you're saying, implicitly, is that you have no real qualms against Skype aside from their lack of openess with respect to their protocol. That's absurd! I could understand if you disliked this about their service, but to actually hate their service because of this one fact is borderline stupid.

Re:Open Source? (1)

Millenniumman (924859) | more than 7 years ago | (#15719674)

I think he is complaining because he has to use the Skype application. He can't do anything useful with the protocol except when he uses their application.

Re:Open Source? (1)

BioCS.Nerd (847372) | more than 7 years ago | (#15719737)

I'd certainly hope so. But in his/her vague response, a failed opportunity to bring an intelligent and interesting discourse to our corner of the web was lost.

Re:Open Source? (1)

guruevi (827432) | more than 7 years ago | (#15719732)

It's not as stupid as soon as you have to actually use the darn protocol. If you implement a VoIP phone server with all bells and whistles and all of a sudden some jerk-manager asks why you didn't implement the functionallity to Skype the company... well, because it's not open, I can't use it... but I want to call you with Skype from home, that's VoIP too isn't it... aargh.

Re:Open Source? (0)

Anonymous Coward | more than 7 years ago | (#15719521)

In other words you want to steal the service?

Re:Open Source? (2, Interesting)

spyrochaete (707033) | more than 7 years ago | (#15719639)

If Skype was open source would they have had the leverage to enable free calls within North America until the end of this year? Even if so, is it wise or ethical to make such a powerful technology open source? There is potential for abuse when you open up any technology, but I think the subject gets even touchier when it's a free gateway to technology everyone in the continent uses (PSTN).

Re:Open Source? (0)

Anonymous Coward | more than 7 years ago | (#15719680)

yay:

chan_skype in asterisk would be really good

ability to block skype in a corporate scenerio would be good

Re:Open Source = Openser (3, Informative)

mpapet (761907) | more than 7 years ago | (#15719695)

This isn't really an insightful comment. It's currently modded as such.

Asterisk does not currently provide the nuts and bolts of connecting SIP callers. It's SIP integration is not built out so great either. (ex. can't easily connect to a STUN or RTP proxy)

The normal procedure is to use an SIP server with asterisk as a voicemail backend.

The SER and OpenSER SIP server projects both connect to asterisk.

There is no reason to use skype's proprietary protocol. Good for the Chinese for putting a dent in their proprietary methods. Let SIP providers compete on a service basis, not protocol competition.

Tapping (2, Insightful)

slindseyusa (942823) | more than 7 years ago | (#15719307)

Isn't the more important aspect of this the concern that anyone could use this to tap into a conversation over Skype?

Re:Tapping (5, Informative)

Barsema (106323) | more than 7 years ago | (#15719362)

From TFA :

The company, however, has not been able to decrypt the phone calls passing through those computers and listen in because of the complicated encryption keys used during calls, Paglee said.

So I guess not.

Re:Tapping (0)

Anonymous Coward | more than 7 years ago | (#15719411)

The government will love it. :-)

Closed Protocol != Security (4, Insightful)

Penguin Programmer (241752) | more than 7 years ago | (#15719427)

Closed protocols are not a substitute for security. Any traffic that goes over the internet can be intercepted. Once you have the packets, it's just a matter of figuring out what they mean. This certainly does raise concerns that tapping into Skype conversations may become easy, but this was bound to happen eventually and should be no surprise to anyone.

Besides, who really cares? Phone conversations can be tapped into. Cell phones, too. Everyone knows not to transmit confidential information over the phone.

This company would have a customer... (0)

Anonymous Coward | more than 7 years ago | (#15719308)

... in the NSA.

DMCA? (0)

schon (31600) | more than 7 years ago | (#15719312)

I realize that the DMCA doesn't extend outside of the USA, but could Skype use it to block this software/information in the US?

Think about it - your conversation could arguably considered copyrighted information (as it's being recorded) - and the Skype protocol "effectively" protects it from being played back.

Could the DMCA be a large hammer that Skype could use to prevent competing products from entering the US market?

Re:DMCA? (1)

riflemann (190895) | more than 7 years ago | (#15719542)

Think about it - your conversation could arguably considered copyrighted information (as it's being recorded) - and the Skype protocol "effectively" protects it from being played back.


Not that the DMCA is relevant to me, yet (being outside the US), but I like this (currently) hypothetical topic...

Don't the anti-curcumvention provisions in the DMCA only protect the copyright holder? As the person doing the talking over Skype, presumably you are the copyright holder, and thus you are therefore allowed to decrypt your own copyrighted 'content'.

Or am I missing something? Does the Skype EULA transfer copyright of your conversation to Skype themselves? *scary*

Re:DMCA? (4, Informative)

drinkypoo (153816) | more than 7 years ago | (#15719555)

I realize that the DMCA doesn't extend outside of the USA, but could Skype use it to block this software/information in the US?

This is why mod points should be more carefully controlled.

The DMCA explicitly protects your right to reverse-engineer for the purposes of interoperability.

Re:DMCA? (1)

Bogtha (906264) | more than 7 years ago | (#15719768)

your conversation could arguably considered copyrighted information (as it's being recorded)

Is it being recorded though, or just transmitted? Something is only copyrighted once it gets fixed into a medium. So if you are recording to disk and then transmitting, that would be protected by copyright. But the user would hold the copyright, not Skype, so Skype couldn't use the DMCA against anybody.

I thought that maybe Skype could include a copyrighted logo or something at the beginning of each transmission, but Nintendo tried to do exactly this [wikipedia.org] , and the court ruled that the copying for protocol purposes wasn't infringement. But the law has gotten far more protective over copyright lately, so who knows? Skype might be able to ward off competitors with just the possibility of a successful lawsuit.

In His Apartment Earlier (2, Funny)

neonprimetime (528653) | more than 7 years ago | (#15719313)

Paglee details in his blog a call he received from the engineers using a rudimentary client. Part of the proof that the protocol had been cracked came when the engineers sent Paglee the IP address of his computer, information that normally would be encrypted during a Skype session.

Little did he know they were in his apartment earlier in the day.

Re:In His Apartment Earlier (1)

LnxAddct (679316) | more than 7 years ago | (#15719624)

Wait a second, someone please correct me if I'm wrong, but isn't Skype a *p2p* voip protocol, implying that you are directly connected with who ever you are talking to, implying that it should be trivial to get their IP?
Regards,
Steve

Does it really matter? (4, Insightful)

Rosco P. Coltrane (209368) | more than 7 years ago | (#15719317)

Closed Skype protocol gets cracked in X months == Skype releases a new version with a new closed protocol that'll take X more months to crack. Big deal...

Anyway, Skype is a big no-no for me. I don't like software that connects to who-knows-what and uses bandwidth all the time without any way to know what the heck it's doing.

Re:Does it really matter? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#15719391)

i totally agree - i see this on our network with ntop -with all sorts of weird people (wanadoo, universities, etc.) connected to a local user on weird ports doing as you say, 'who knows what ...' -i wouldn't be surprised if it's being used to distribute SPAM sending bots, hidden proxies, bandwidth theft, bit torrents, spyware, etc.

Re:Does it really matter? (0)

Anonymous Coward | more than 7 years ago | (#15719627)

What you going to do? Force every skipe user to upgrade overnight?

Re:Does it really matter? (1)

Zebedeu (739988) | more than 7 years ago | (#15719757)

No, you release a new version that supports both protocols and when the time is right, kill off the old protocol and force upgrade the remaining users.
You do this either by then releasing a new version that supports only the newer protocol, or with some sort of a kill switch on the 2-protocol software.

Re:Does it really matter? (1)

owlnation (858981) | more than 7 years ago | (#15719853)

I completely agree with you. But note that it seems to matter to eBay shareholders. Their share price seems to be off on one of its regular weekly slides again.

My guess is Meg Whitman is hanging on by her nails...

It could indeed. (5, Funny)

Rob T Firefly (844560) | more than 7 years ago | (#15719327)

The company could transfer the technology to the Chinese government
In other news, my front door could be unlocked with my house key, I could inhale the next time I need oxygen, and water could cause things it touches to become wet.

Re:It could indeed. (3, Interesting)

regen (124808) | more than 7 years ago | (#15719796)

The interesting thing is since skype uses encryption and encryption use by private citizens is illegal in China, just using skype could get you arrested. But then again, if the Chinese government wants to arrest a citizen in China they just do it and can find (or make up) a reason for the arrest afterwards.

Wouldn't it depend on perspective? (4, Insightful)

Timex (11710) | more than 7 years ago | (#15719330)

The interesting thing is, that although the protocol is closed, it is not patented and thus it is not against the law to crack it.

I'm sure Skype's lawyers might see this differently.

If this happened in the US, lawyers would be crying "foul!" on the basis of the protocol being a Trade Secret, and they would have something to say about the agreement that one sees when installing the software. I believe I remember seeing a "no reverse-engineering" clause in there.

This being a Chinese source, though, means that US rules don't necessarily apply.

Re:Wouldn't it depend on perspective? (1)

rednuhter (516649) | more than 7 years ago | (#15719487)

Who says they had to install the software ...
If the packets are coming across their routers then they are pretty fair game, although I doubt they did break it without the software, if asked they [could/should/would] say they only examined packets in transit.

Re:Wouldn't it depend on perspective? (1)

IamTheRealMike (537420) | more than 7 years ago | (#15719669)

Trade secrets are just that - secrets - and have no protection under law. You find them out, good for you.

Reverse engineering isn't illegal either and that cannot be changed by a EULA. As far as I'm aware a protocol is not an "invention" per se, so it cannot be patented either. Though with the modern state of the US patent office, who knows ....

Why would a protocol be closed anyway? (2, Interesting)

otis wildflower (4889) | more than 7 years ago | (#15719331)

I mean in this day and age, depending on the secrecy of a closed protocol running on top of an open network for a business model seems pretty... dumb... Though obviously they are also trying to do services (like SkypeOut) which make much more sense, what is the value in having a proprietary protocol, when something like SIP (maybe an updated version that supports P2P negotiation) is out there? I mean it's not like the OSS world is playing catch-up this time (like, say, Jabber is compared to AIM's installed and active user base)..

Just curious...

Isn't that sweet? (2, Interesting)

botzi (673768) | more than 7 years ago | (#15719335)

"Even if it was possible to do this, the software code would lack the feature set and reliability of Skype,"

Don't you just love when people speak with certainties about yet unreleased things? Sure, it may well lack it for about 24 days. Then what happens? I'm not convinced that people would base stand alone software on that protocole anyway. More likely soe SIP clients would implement the protocole as an add on.

If it were patented (2, Interesting)

mocm (141920) | more than 7 years ago | (#15719344)

they couldn't make it closed. That is the purpose of patents.

Blocking (3, Interesting)

slashkitty (21637) | more than 7 years ago | (#15719347)

Do you really have to "crack" the protocol to block the traffic? Were their packets that well disguised?

Re:Blocking (1)

smbarbour (893880) | more than 7 years ago | (#15719538)

Unless it looks like other well-known traffic, wouldn't it be a lot easier to block using a "I can't tell what this is, so just discard the packets"-type filter? The device filtering the traffic will see the session from start to finish, so it's not like it has to figure it out mid-session.

Re:Blocking (5, Informative)

Anonymous Coward | more than 7 years ago | (#15719608)

Excerpt from http://lists.grok.org.uk/pipermail/full-disclosure /2005-November/038646.html [grok.org.uk] :

*********

1) Skype will initially attempt to contact supernodes, the IPs of which
are in a file stored along with the other files that Skype installs. The
first method of contact is direct. The source ports that Skype attempts
to connect from are non-default ports. From my observations I could see
that the UDP source port 1247 is the initial control channel. Once the
connection is established, the rest of the communications is done in TCP
over non-default source ports with ranges sweeping from 2940-3000.
In general, any company that is serious about its security policy would
have strict egress filtering rules, which makes identifying the
non-default source/destination ports that Skype uses irrelevant since
they would be blocked anyway.

2) If the above fails, Skype will use the proxy server specified in Internet
Explorer, and attempt to tunnel the traffic over port 443 using the SSL
protocol. The destination IPs are of course random as above, which makes
destination blocking out of the question. The only option left is to
block SSL,
which is not really a solution, unless you want to end up excluding all
legal SSL destinations.
Deleting the user's proxy settings would also disallow Skype from
connecting. That would however leave the user without internet access.
Even if the user had no proxy settings, and the proxying was done
transparently (which would definitely include proxying http and https
traffic), the Skype traffic (SSL) would again be transparently proxied,
which puts us back at square one.

********

The aforementioned link however speaks of a somewhat twisted method of blocking out skype by restricting outbound HTTPS to only the requests adressed by FQDN.

Perhaps Skype will eventually just use SSL over 443 for the whole of the communication in order to establish connections, which is quite an effective method of bypassing any kind of firewall or filter put in place by a corporation. And the same technique holds true for any other "undesirable" protocol. With VPNs now starting to use SSL over 443 to evade restrictive outbound ACLs, it's getting more difficult to restrict what leaves your network.

Re:Blocking (1)

Ulrich Hobelmann (861309) | more than 7 years ago | (#15719794)

Probably not, but I think it's much more interesting for authorities to not block traffic, but simply wiretap it.

Since China controls the Chinese routers, it's easy to be the listening man in the middle.

They renamed the protocol (4, Funny)

Anonymous Coward | more than 7 years ago | (#15719349)

It's now call Scrype terraphone and it love you long time

Re:They renamed the protocol (-1, Troll)

Anonymous Coward | more than 7 years ago | (#15719729)

HA! Scrype. FUNNY.

Nothing makes me laugh like racism.

HA!

Can't Threaten Skype's security or integrity? (0)

neonprimetime (528653) | more than 7 years ago | (#15719353)

"Moreover, no amount of reverse engineering would threaten Skype's cryptographic security or integrity."

This is /.
I'm sure we could figure out something.

Reverse Engineering (4, Informative)

ultrasound (472511) | more than 7 years ago | (#15719378)

it is not patented and thus it is not against the law to crack it....

Patenting something does not prevent anyone from reverse engineering it, and in fact they wouldnt need to because the mechanism would be documented in the patent.

Reverse engineering is not 'against the law' in most parts of the world, only the US thanks to the DMCA (C is for copyright, not patent), so therefore they probably have not broken the law if they did this outside the US. At present it is legal in the EU to reverse engineer a competitors product for the purpose of producing a compatible interface, sadly however that may not be the case if the proposed "directive on criminal measures aimed at ensuring the enforcement of intellectual property rights" is ratified.

Re:Reverse Engineering (1)

YU Nicks NE Way (129084) | more than 7 years ago | (#15719889)

The parent is only "informative" in the weakest sense. Yes, a patent application must contain detail sufficient for a third party to replicate your invention. However, that detail is utterly useless until either the patent expires or an infringement case comes before a court. In particular, if I hold a patent on process X, then I hold a grant patent to bar any comer from constructing any mechanism which implements the patented process. (Bear in mind that the current European controversy has nothing to do with that part of patent law, but only about what properties a "patentable mechanism" must possess. The arguments against business process patenting boil down to the claim that a "process" is too broadly applicable a notion to be granted patent protection.)

Since reverse engineering necessarily requires that the engineer construct a working model, to the extent that Skype's protocols were patented, the construction of that working model would, in fact, constitute a prima facie infringement.

Mmmmm, "chinese cake" (-1)

ry4an (1568) | more than 7 years ago | (#15719379)

Sorry, couldn't resist.

Re:Mmmmm, "chinese cake" (0)

Anonymous Coward | more than 7 years ago | (#15719869)

You haven't posted in a year, and that you couldn't resist?

Patents != legally uncrackable (5, Informative)

Aim Here (765712) | more than 7 years ago | (#15719405)

The article submitter seems to be a lot confused regarding the law. There's nothing unlawful about cracking a patented algorithm. It might be unlawful to market a device using the same encryption, in those parts of the unfree (softwarewise) world where software patents are implemented, but that's a different thing.

Cracking encryption algorithms is generally only unlawful where the encryption is a method of encrypting copyrighted material, AND the country involved has implemented some variant of the DMCA or EUCD. That's the legal machinery that DVD Jon had problems with. The Skype Protocol won't be covered by DMCA-like provisions.

Re:Patents != legally uncrackable (1)

elgaard (81259) | more than 7 years ago | (#15719520)

You should't even have to crack it. You should be able to just read the patent application.

In theory that is.

Implicitly, Skype has lost its best feature.. (0)

OlivierB (709839) | more than 7 years ago | (#15719417)

...security

To be able to reverse-engineer the Skype protocol, these guys had at one point or another to decrypt the data, and encrypt it as well.

What this means is that they could configure their application as a SuperNode and intercept conversations, files, text in between.

Guess the AES 256bit encryption wasn't implemented properly.

Thanks Skype.

Re:Implicitly, Skype has lost its best feature.. (2, Informative)

throwaway18 (521472) | more than 7 years ago | (#15719502)

To be able to reverse-engineer the Skype protocol, these guys had at one point or another to decrypt the data, and encrypt it as well.


What this means is that they could configure their application as a SuperNode and intercept conversations, files, text in between.


This is not a valid conclusion. To send out and receive audio when participating in a call it is necessary for a client to have the crypto keys. When the client is running on a general purpose computer the keys are inevitably accessable by the end user. The only solution to that is tamper resistant hardware and we, the slashdot masses, hate that.

To function as a relay for other people skype conversations you don't need to be able to encrypt and decrpt the streams, you just pass them on.

There is a big problem with skype which is that the way is implemented means thats the people who run skype could evesdrop on calls and could be served with warrants to do so. Using end to end public key encryption to prevent that would not prevent anyone reverse engineering it and creating a compatable client.

link to info on skype protocol (4, Interesting)

throwaway18 (521472) | more than 7 years ago | (#15719431)

Lots of info on how skype works, including that the people who run skype could evesdrop on conversations, the possibility of using skype to relay non skype traffic and an overflow security hole (hopfully now fixed) were revealed four months ago.

Silver needle in the Skype at Blackhat Europe [secdev.org]

Re:link to info on skype protocol (2, Interesting)

numatrix (242325) | more than 7 years ago | (#15719771)

Mod parent up!

1) Almost all (if not every bit) of this is not new information, it was already broken in the above referenced article.

2) Blocking the traffic was already described in the article, all the Chinese government had to do was read the paper some time ago instead of waiting for these schmucks to "discover" it.

3) If you read the paper you'll see how much work Skype goes through to make it hard to dissassemble their code and protocols. I'm sure if blocking in China becomes an issue they'll have the same smart people who did it the first time further obfuscate things (of course, for all the same reasons I'm not a fan of the Skype software to begin with, but that's another story).

No one should use Skype anyway (2, Interesting)

Bromskloss (750445) | more than 7 years ago | (#15719439)

Good point in the FAQ of standards based (H.323, SIP) communications program (text, audio, video) Ekiga:
Ekiga is not compatible with Skype and will never be as long as their protocol will stay proprietary. We do not think using closed protocols for communications is a good thing.

For more info on the repercussions of this... (1)

viper21 (16860) | more than 7 years ago | (#15719458)

Check out:

Skype Journal [skypejournal.com]

Looks like there are a lot of opportunity for deeper business integration. Wonder if this opens up any vulnerabilities for standard client users?

Paglee means . . . (2, Informative)

narsiman (67024) | more than 7 years ago | (#15719466)

Paglee - a mad girl in Hindi. (mockingliy)

Welcome to global communications.

Interoperability (0)

Anonymous Coward | more than 7 years ago | (#15719510)

The possibility that this may lead to blocking, isn't what it interesting. I like that this may lead to interoperability. Skype, much like DVDs prior to CSS getting cracked, wasn't useful. Now it may finally become so.

SAYS WHO??? (1)

rockytriton (896444) | more than 7 years ago | (#15719524)

"The interesting thing is, that although the protocol is closed, it is not patented and thus it is not against the law to crack it."

UM.......... Say Who?????

The Skype's the Limit (2, Interesting)

Doc Ruby (173196) | more than 7 years ago | (#15719638)

A real patent of Skype's protocol (if a protocol patent could be considered "real") would have published all the details, precisely to protect by law what Skype instead protects by secrecy.

Of course China's mafia government would have found ways to to protect their local "infringers" if it gave them control over Skype's important telecom traffic.

An open protocol using open software from more than a single (point of failure) source is a lot more reliable in the face of large scale attackers, like a government. SIP and IAX are safer.

Not really cracked until we see skype.c (1, Insightful)

Anonymous Coward | more than 7 years ago | (#15719660)

It's not really cracked until the "crack" is public.

Patent != secrets! (2, Interesting)

headqtrs (467875) | more than 7 years ago | (#15719663)

You cannot keep a protocol secret if you patent it because in the patent you have to document everything. This concept does not seem to be clear to the writer of the article.

Re:Patent != secrets! (2, Interesting)

Andy Dodd (701) | more than 7 years ago | (#15719751)

Yeah. In the case of Skype, legality of reverse engineering the protocol would depend on the EULA of the software being reverse engineered.

I'm sure Skype's EULA forbids reverse engineering the protocol, thus Skype has legal grounds to sue whoever reverse engineers the protocol for violating the license agreement.

chinks and fags. (-1, Troll)

Anonymous Coward | more than 7 years ago | (#15719693)

niggers.

AsterSkype (1)

Doc Ruby (173196) | more than 7 years ago | (#15719725)

Now that it's (reportedly) proven crackable, it should be a matter only of time before someone gets a cracked Skype protocol into an open Asterisk module.

Reverse engineering (2, Interesting)

wiredlogic (135348) | more than 7 years ago | (#15719783)

Reverse engineering is always legal. The only question is whether you have the right to do anything with the results of such activity. You can only infringe a patent directly if you engage in the commercial sale of products using patented technology.

You can be found guilty of contributory infringement if you publish detailed information about how to go about infringing a patent. This is a shady area though, since the patent itself already describes the technology in question so it boils down to an evaluation of the individual's intent.

Literally (5, Funny)

RPoet (20693) | more than 7 years ago | (#15719870)

They could literally turn the lights off on Skype in China very, very quickly

No, they could metaphorically turn the lights off on Skype in China very, very quickly.

Reverse-Engineering vs Patent (0)

Anonymous Coward | more than 7 years ago | (#15719871)

Actually, it is never against the law to rightfully reverse engineer anything, because you are doing legitimate work to build a new system.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...