Skype provides many powerful features for voice and text communications at a near-zero cost. Unfortunately, Skype also is wrought with implementation flaws and shows signs that it is likely to be a source of significant security problems. A sound enterprise network security architecture would justify the use of a big-brand target like Skype only if the application had sound communications protocols, well-built software using generally accepted security technology, and good vendor support. Skype is lacking in all these areas.
The likelihood of an attacker successfully reverse-engineering either Skype's cryptography or its underlying communications protocol is high. Skype uses a proprietary encryption scheme on top of a proprietary communications protocol. There are no public specifications, no multiple interoperable implementations and no publicly available security reviews of the protocols that vet the potential vulnerabilities. There is one Skype-funded review of the cryptography (see DocFinder: 1227), but it doesn't cover the protocol or the implementation. Furthermore, Skype implements peer-to-peer communications, thus facilitating unauthorized use of bandwidth.
From a hacker's perspective, the potential to compromise Skype clients on the Internet and conduct zombie or direct-endpoint system attacks is appealing. Skype is architected with ease of use, not security, in mind. It's very difficult to avoid configuring the client for automatic logon, thus immediately announcing itself to the Internet. Skype is designed to share too much information in the form of contact details.
Furthermore, our testing has uncovered flaws in Skype's use of Windows' multimedia capabilities. For example, we've seen Skype switch the microphone on by itself (imagine if an attacker could turn your Skype client into a wiretap), fail to terminate calls when a user commands it to disconnect (imagine a telephony-base phishing attack) and periodically cause the microphone driver to fail (imagine an incoming call with an attack payload in the protocol, compromising the client and allowing it to attack your computer).
Skype has gone from an obscure but wildly popular start-up to a cog in the great wheel of eBay's infrastructure, including the retail giant's virtually invisible support system. If a security problem were found in Skype, it would be essentially impossible to report, because the report would be lost in the blizzard of auction complaints that eBay's support system receives.
Using Skype puts an enterprise in violation of its own local network use policy because it's an unsecure software component that uses the network in a questionable manner.
This is not to say that Internet-based telephony is a bad thing. However, because of security concerns, Skype is definitely not my choice for how to provide that solution.
The opposing viewpoint by James Gaskin. - Discuss!
Your thoughts
Thayer is a private network security consultant in Mountain View, Calif. He can be reached at rodney@canola-jones.com.