Slashdot Mirror


More Skype Back Door Speculation

An anonymous reader writes "According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations."

5 of 210 comments

  1. Re:Open source VoIP alternatives? by Naughty Bob · · Score: 5, Informative

    I don't use Skype (or VoIP for that matter) but I would be curious if anyone knows of any alternatives that are completely open.

    I asked the internet, she donned her Stupomitron Helmet, et voilà

    --
    "Be light, stinging, insolent and melancholy"
  2. yes by circlingthesun · · Score: 5, Informative

    There are quite a number of alternatives based on the open SIP protocol. Have a look at the list: http://www.voip-info.org/wiki-Open+Source+VOIP+Software

  3. Re:Decode the protocol? by lindi · · Score: 5, Informative

    It has been attempted. See "Silver Needle in the Skype" presentation at http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf -- The impression I got was that it was deliberately made difficult to understand by adding all sorts of checksums and encryption layers.

  4. Re:Open source VoIP alternatives? by rubycodez · · Score: 5, Informative

    Using an open standard is not the same thing as being "open source" or "completely open".

  5. Re:Open source VoIP alternatives? by TheRaven64 · · Score: 5, Informative

    Because something like this will be audited if at all possible. Skype is closed, the binary is encrypted, it auto-exits in the presence of debuggers, and does various other things to prevent reverse-engineering. And, still, someone at BlackHat took it apart and found a remote vulnerability. If it were open source and popular, a lot more people would be poking it for holes.

    More important than open source, here, is open standards. In an open standard, lots of cryptographers will look at the protocol for holes without considering the implementation details, and lots of others will look for holes in specific implementations. Implementation-related holes (such as the heap-overflow exploit in Skype) will not affect as many people, because there will be competing implementations and not everyone will be locked in to a single provider. If the hole is in the protocol (and allowing a midpoint to intercept the conversation is a hole in the protocol) then it is more likely to be found if the protocol is subject to peer review, which things like SRTP (which SIP can run on top of) have been.

    --
    I am TheRaven on Soylent News