Skype Protocol Has Been Cracked
nsrCZ writes "The Skype core protocol has been reverse-engineered by a Chinese company. The interesting thing is that although the protocol is closed, it is not patented and thus it is not against the law to crack it. If it's true, then it could affect the whole eBay/Skype business in many ways, including that they might not get their piece of the emerging Chinese cake." From the article: "By cracking the Skype protocol, the company claims it can also block Skype voice traffic, Paglee said. 'They could literally turn the lights off on Skype in China very, very quickly,' said Paglee, who is also a lawyer and engineer, speaking from California on Friday. The company could transfer the technology to the Chinese government, which has continually sought ways to tighten its filtering and control over the Internet. So far, the company doesn't have any plans to market its blocking capabilities, Paglee said."
Net Neutrality (Score:2, Interesting)
Why would a protocol be closed anyway? (Score:2, Interesting)
Just curious...
Isn't that sweet? (Score:3, Interesting)
Don't you just love when people speak with certainties about yet unreleased things? Sure, it may well lack it for about 24 days. Then what happens? I'm not convinced that people would base standalone software on that protocol anyway. More likely some SIP clients would implement the protocol as an add-on.
If it were patented (Score:3, Interesting)
Blocking (Score:4, Interesting)
Re:Does it really matter? (Score:1, Interesting)
link to info on skype protocol (Score:5, Interesting)
Silver needle in the Skype at Blackhat Europe [secdev.org]
No one should use Skype anyway (Score:3, Interesting)
The Skype's the Limit (Score:3, Interesting)
Of course China's mafia government would have found ways to protect their local "infringers" if it gave them control over Skype's important telecom traffic.
An open protocol using open software from more than a single (point of failure) source is a lot more reliable in the face of large scale attackers, like a government. SIP and IAX are safer.
Re:Open Source? (Score:3, Interesting)
Patent != secrets! (Score:1, Interesting)
Re:I'd assumed they'd done this already. (Score:1, Interesting)
Re:Patent != secrets! (Score:3, Interesting)
I'm sure Skype's EULA forbids reverse engineering the protocol, thus Skype has legal grounds to sue whoever reverse engineers the protocol for violating the license agreement.
Re:Innovation (Score:5, Interesting)
If Skype had patented its system, it would have had to disclose elements of its protocols which would make it quite easy for any espionage shop to infiltrate, route around or otherwise frustrate.
Consider, for instance, a lock manufacturer. Their cylinders are described in exquisite detail in their patents. A person skilled in the art of lock-picking might find their patents to be of particular interest. But if the lock incorporates security mechanisms which defeat all potential attacks, it doesn't matter if they are disclosed.
However, if the company's key manufacturing division and distribution network are infiltrated, then a duplicate key can probably be manufactured with a modicum of difficulty. That's why such practices are not disclosed in the patent, and are usually subject to "trade secret" regulations.
P.S. I'm not so sure that the NSA and CIA let IP laws get in the way of espionage.
Re:link to info on skype protocol (Score:3, Interesting)
1) Almost all (if not every bit) of this is not new information, it was already broken in the above referenced article.
2) Blocking the traffic was already described in the article, all the Chinese government had to do was read the paper some time ago instead of waiting for these schmucks to "discover" it.
3) If you read the paper you'll see how much work Skype goes through to make it hard to disassemble their code and protocols. I'm sure if blocking in China becomes an issue they'll have the same smart people who did it the first time further obfuscate things (of course, for all the same reasons I'm not a fan of the Skype software to begin with, but that's another story).
Re:Innovation (Score:1, Interesting)
Reverse engineering (Score:3, Interesting)
You can be found guilty of contributory infringement if you publish detailed information about how to go about infringing a patent. This is a shady area though, since the patent itself already describes the technology in question so it boils down to an evaluation of the individual's intent.
Re:It could indeed. (Score:4, Interesting)
Re:Interoperability (Score:3, Interesting)
Hear that, everyone?
If you're one of the millions who found a ton of value in Skype before it was cracked, you were very, very wrong, because this anonymous Internet jackass has said so. No matter how valuable you think Skype was before, it really wasn't.
You know all the money you saved on long distance calling since Skype dropped the fees behind North American calls? That didn't happen either.
But, as you'll guess, now Skype will become useful, as it will become interoperable with some piece of garbage OSS code that will be orphaned within five seconds of its Alpha version being released. Now that's value.
Re:link to info on skype protocol (Score:5, Interesting)
Re:Tapping (Score:5, Interesting)
For all such transactions, whether they are SSL, SSH, or some proprietary technology like Skype, you have to trust the site that holds the server keys or the people that write the software not to embed backdoors or fake keys to allow tapping. There are even technical reasons to permit such forgery: web-proxies for high-availability banking transactions, for example, may want to have their SSL keys multi-hosted. I've sat in on discussions about exactly that sort of approach and its security consequences.
Anyone who assumes that Skype conversations are immune from a legal wiretap order or even an unconstitutional Patriot Act order that Skype dare not publish due to the Patriot Act's nature is engaging in wishful thinking. If you want real end-to-end encryption, you have to have personal control of the key exchange. In fact, that's how PGPphone used to work, if you can still lay your hands on a copy of it. It just never got broadly enough deployed, or provided the convenience and computer->cheap telephone call services that Skype provides.
Re:Innovation (Score:5, Interesting)
Skype don't get their money from people installing their client, they get their money from people paying for the extra services like SkypeOut, SkypeIn, and so on. They should regard maintaining the Skype clients as an unwanted hassle. What they really want is as many people as possible connecting to their servers and using the extra services. This is separate from the protocol.
If I was an executive at Skype, I would view this as a good thing for the company. It's only going to result in more users. It's strange that Skype didn't voluntarily open up their protocol earlier!
Re:Wouldn't it depend on perspective? (Score:4, Interesting)
Skype's lawyers can see it however they want - but in this instance, they have no legal leg to stand on. It's not illegal to replicate something protected as a trade secret. (It *is* illegal to steal or 'borrow' it, or to hire employees from a rival to 'work on your own _x_'.)
PGP Phone (Score:3, Interesting)
Oh, I'm sure you can find it floating around somewhere [slashdot.org].
Re:Innovation (Score:3, Interesting)
Automobiles they have "chery" whose entire line-up are shoddy copies [paultan.org] of cars already produced by other manufacturers.
We have Huawei, who has literally stolen Cisco's router code [microscope.co.uk] to make a "competing product".
And then we have their military who happened to... yes steal [theepochtimes.com] their designs as well (at least the stuff they didn't just purchase from Russia and reverse engineer).
So exactly what are these innovations taking place in China you wanted to defend?
BTW, there's PLENTY more examples to prove how they don't innovate at all, just steal/reverse engineer/copy others if you need them.
Re:Innovation (Score:2, Interesting)
This is interesting, especially since the Bush administration recently pressured the Swedish government to close down The Pirate Bay, referring to American copyrights. According to the Swedish national television, the US threatened with WTO sanctions if we do not adhere to signed treaties. Looks like hypocrisy to me.
Not that I care about The Pirate Bay (apart from their legal [thepiratebay.org] page), I do care about hypocrisy in politics though.
Re:Innovation (Score:4, Interesting)
On the flipside some of the stereotypes and comments are well deserved. I mean, read comp.lang.c for a week. You'll get a lot of "I have to write this program and I don't have the first damn clue" types of posts, amazingly enough mostly from India. Look at phishing stats, they're mostly organized by people in Eastern bloc countries. That's not conjecture or hyperbole, that's the truth. China does have a track record for more than just reverse engineering. Classic IP violations are more common than in other nations [although I wouldn't say it's epidemic like some people suggest].
So like all nonsense there is some element of truth to it.
Tom
Re:Blocking (Score:3, Interesting)
I don't think NARUS can tell when voice calls start and stop if I'm running remote Terminal Services (RDP and/or Citrix), other VPNs to other customers (within the SSH), web traffic, email, streaming music (last.fm [www.last.fm]). While I'm very unique, and what I do is unique, I don't think TS and/or streaming music is unique. My workflow involves constant open VPNs with SSH and/or telnet and/or RDP. With it all run over a single SSH over TCP/443, there is no way to break down what is going on by traffic signatures, unless I do nothing but the voice call. However, I always have debugs and remote desktop running in the background coming in.
I think a NARUS box only works if it can see where the traffic is really going to. Since I proxy/tunnel all my traffic to a host I have on a DS3, it would be totally blind without being able to see what traffic is coming out of that host (which has tunnels of many of my users coming out).