Vulnerabilities / Threats
6/3/2011
11:48 AM
50%
50%

Skype Protocol Cracked

Security researcher publishes reverse engineered source code in the wake of reports that Middle Eastern governments have Skype-eavesdropping tools.

A researcher named Efim Bushmanov claims to have reverse engineered the Skype protocol.

"My aim is to make Skype open source," he said in a blog post on Thursday, which included links to download executable files compatible with Skype versions 1.4, 3.8, and 4.1, plus IDA Pro disassembly database files, and source code.

Bushmanov said he decided to publicize his efforts in the wake of a story published this week in the Wall Street Journal, detailing how Middle Eastern countries' security agencies possessed tools that enabled them to eavesdrop on Skype communications. He's also hoping to recruit more people to help him finish the Skype reverse engineering, which he says isn't yet complete.

In response, Skype appears to be preparing for a fight. "This unauthorized use of our application for malicious activities like spamming/phishing infringes on Skype's intellectual property," said the company in an emailed statement. "We are taking all necessary steps to prevent/defeat nefarious attempts to subvert Skype's experience. Skype takes its users' safety and security seriously and we work tirelessly to ensure each individual has the best possible experience."

But is Bushmanov operating in the clear? Typically, copyright law makes an exception for reverse engineering software, provided it's done correctly. One of the most famous examples of reverse engineering done right happened in the 1980s, when Phoenix Technologies wanted to build a BIOS that was compatible with IBM's proprietary BIOS.

To protect itself against accusations that it had copied IBM's BIOS, Phoenix created a team that used a Chinese wall approach. Namely, the team observed the IBM BIOS, and described everything it did without referencing any code. Next, a different team of developers with no previous BIOS experience of any kind took the first group's specifications, then wrote their own BIOS, ultimately enabling companies to begin building IBM-compatible PCs.

Another famous reverse engineering case involved Andrew Tridgell, who studied Microsoft's Server Message Block (SMB) protocol until he understood it well enough to write Samba. This open source code now enables Unix, Linux, and Mac OS X systems to communicate with Microsoft Windows networks and clients, including Active Directory domains.

Key to Tridgell's work, however, was that "he didn't decompile any of Microsoft's code. He simply watched the traffic generated by SMB implementations until he understood it well enough to produce an alternative implementation," said Paul Ducklin, Sophos' head of technology for Asia Pacific, in a blog post.

Has Bushmanov done his reverse engineering by the book, as Tridgell did with Samba? "If Bushmanov hasn't taken this 'clean' approach--and the presence of IDB files (IDA Pro disassembly databases) amongst his published downloads suggests that he has not--then this could end up in an interesting legal battle," said Ducklin.

But recent court cases involving device or software modifications haven't always ended in manufacturers' favor, legally or otherwise. Notably, in January, Sony sued well-known hacker George Hotz (aka Geohot), together with 100 other people (mostly unnamed), alleging that they'd "jailbroken" the PlayStation 3, circumventing its security measures in violation of the Digital Millennium Copyright Act and allowing people to play unauthorized or pirated games. In March, Sony settled with Hotz. Terms of the settlement were not disclosed, although Hotz agreed to not publish any further, related code.

Sony claimed victory, but it was short-lived, as the company soon began suffering a crippling series of data breaches in apparent retaliation for its lawsuit.

Skype, of course, was recently acquired by Microsoft for $8.5 billion, which means that the next move in this case is Microsoft's. But an open source version of Skype may actually benefit Microsoft, said Ducklin. For starters, it might quiet Skype critics who want to know the security protocols it relies on. Furthermore, it might prevent people from building Skype competitors, instead treating Skype as a standard, and creating their own clients.

"Microsoft could simply give up on the existing Linux and OS X code bases without creating any bitterness amongst those communities," he said. "They'd be able to take up the software development reins--just as gung-ho open sourcers are supposed to if they don't like what's already on offer."

In this new Tech Center report, we profile five database breaches--and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk. Download it here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.