« Previous post
Next post »

July 14, 2006

Skype Protocol Hacked

Michael Arrington

44 comments »

Reports are coming in from Asia that the Skype protocol has been hacked. If accurate, this means that users can access the Skype VOIP network without using the Skype client - calls could be made through third party software directly to and from Skype users. A Skype-compatible client may be available by the end of July.

The reports are also suggesting that the new software will not support Skype’s super node architecture, meaning that users will not have the resource drain that often comes with running Skype. While this is great for the users of the hack, it could destabilize, or at least slow down, the entire Skype network.

I spoke to a Skype spokesperson this evening about the story. Her comment was “We have not had time to evaluate or confirm the story, and so do not yet have any comment.” Their instincts will tell them to take legal action (which may not have any effect since the company claiming to have done this is in China). But what they should do is use this as an opportunity to open up the protocol and allow third party developers to build Skype compatible applications (under Skype’s terms).

Update: Skype PR sent the following statement over to me at 11 AM PST on 7/14/06:

Skype is aware of the claim made by a small group of Chinese engineers that they have reverse engineered Skype software. We have no evidence to suggest that this is true. Even if it was possible to do this, the software code would lack the feature set and reliability of Skype which is enjoyed by over 100m users today. Moreover, no amount of reverse engineering would threaten Skype’s cryptographic security or integrity

Screen shot of the third party client:

  • Sphere It

This entry was posted on Friday, July 14th, 2006 at 12:21 am and is filed under Company & Product Profiles. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Trackbacks/Pings (Trackback URL)

  1. TechCrunch Japanese アーカイブ » Skypeのプロトコル、ハックされる

    July 14th, 2006 at 1:37 am

  2. Yoick - Hightechwire » Blog Archive » Skypehattack: opening the kimono

    July 14th, 2006 at 2:36 am

  3. Ole Christian Enger

    July 14th, 2006 at 4:03 am

  4. David “Dsquared” Dalka - Creating Revenue and Retention » Skype Protocol Hacked?

    July 14th, 2006 at 5:29 am

  5. Net

    July 14th, 2006 at 6:15 am

  6. Peer Watch » SkypeGate sphere

    July 14th, 2006 at 6:26 am

  7. What are the chances? » at Tom Raftery’s I.T. views

    July 14th, 2006 at 6:54 am

  8. Skype Protokoll gecracked, Clone kommt aus China » Peter’s Webmaster Blog

    July 14th, 2006 at 7:16 am

  9. dready

    July 14th, 2006 at 8:03 am

  10. Propos et Commentaires du Climenole » Skype “craqué”: rétro-ingénérie et sécurité

    July 14th, 2006 at 10:26 am

  11. לינמגזין

    July 14th, 2006 at 10:44 am

  12. HAPHT » Blog Archive » links for 2006-07-14

    July 14th, 2006 at 11:18 am

  13. Protocolo de Skype hackeado - messenger.es, todo sobre la mensajería instantanea descargar messenger gratis msn yahoo gtalk skype gaim

    July 14th, 2006 at 2:07 pm

  14. Skype Protocol Gets Hacked

    July 14th, 2006 at 9:13 pm

  15. dotcomUNDERGROUND - Blogs on Technology, Bangladesh, Underground and Life

    July 15th, 2006 at 12:08 am

  16. jamesbooker.co.uk

    July 15th, 2006 at 12:18 am

  17. Lunch over IP

    July 15th, 2006 at 3:02 am

  18. andre bar'yudin

    July 15th, 2006 at 3:11 am

  19. 9rules Featured » Blog Archive » Skype Protocol Hacked

    July 15th, 2006 at 7:42 am

  20. Wastern’s Web » Blog Archive » Skype Hacked?

    July 16th, 2006 at 5:58 am

  21. Dotpod — ¿Hackearon Skype?

    July 17th, 2006 at 4:26 pm

  22. Anonymous

    July 21st, 2006 at 8:24 am

  23. Blue Box: The VoIP Security Podcast

    August 18th, 2006 at 6:16 pm

  24. Techcrunch » Blog Archive » Pissing Off Skype

    January 8th, 2007 at 6:39 pm

  25. Multimedias.mobi » Pissing Off Skype

    January 8th, 2007 at 9:00 pm

  26. TechCrunch en français » Pour rendre Skype furax il suffit de …

    January 9th, 2007 at 3:36 am

Comments

RSS feed for comments on this post.

  1. Eric Willis

    July 14th, 2006 at 12:38 am

    Nice. I would like to see Skype to PBX integration…running Skype on an Asterisk server could be a big deal.

  2. Dario

    July 14th, 2006 at 3:06 am

    @Eric: Yes,me too. Read this:

    http://dariosalvelli.wordpress.....-provider/

  3. James Booker

    July 14th, 2006 at 3:53 am

    I think that Skype would be foolish not to open up their protocol (assuming it’s secure and can’t be used for buffer-overflow attacks)

    The Skype network makes its money from calls to and from real-live telephones, and since that information is stored by skype itself (i.e. how much credit a user has) there’s no reason Skype shouldn’t open up their protocol, as it won’t cut their profits.

    In fact, their bandwidth bills would be reduced!

  4. Stephen Paul Weber

    July 14th, 2006 at 5:17 am

    Skype-to-Jabber transport, anyone? :D

  5. san iti

    July 14th, 2006 at 5:20 am

    Skype make a great deal of money from advertising. This may be diminishing returns, but it is a significant input to average revenue per user.

    By exposing an API, they allow the Skype user base to be exploited by applications that do not let the adverts come through.

    OTOH, if other voip/im players start federating chat and voip between clouds it will mean migration away from Skype regardless, and other players who don’t buy in.

    So Skype, and the rest, will have to start thinking about value add features they can add to the experience that are compelling, and provide revenue other than PSTN breakout, which again, produces diminishing returns with larger penetration, and as PSTN networks are replaced by VOIP.

  6. LostInBrittany

    July 14th, 2006 at 5:34 am

    @ Eric and Dario :

    To me too, being able to integrate Skype to Asterisk would be a wonderful feature. It could help many entreprises to take the big step and change to full VoIP.

    In my precedent job, we would have payed big money for having a realiable and simple way to connect our Asterisk PBXs to Skype network.

  7. Matthew Gertner

    July 14th, 2006 at 7:26 am

    Perhaps I’m missing something, but Skype does have an API that allows third-party developers to access its network (https://developer.skype.com/). Granted, end users have to have Skype installed to use apps developed on top of this API, but this seems fair enough to me. It’s certainly makes Skype the most open of the major proprietary VOIP/IM vendors.

    It’s also news to me that Skype makes any significant revenue from advertising (as stated in a previous comment). As far as I know they make all their revenues from connectivity to POTS networks (SkypeOut/SkypeIn). Once again, I’m not an authoritative source, but I’ve used Skype intensively for a couple of years and I’ve yet to see an ad.

  8. telecommer

    July 14th, 2006 at 8:21 am

    does this mean Voip calls could be made worldwide without charge? http://www.telecommer.com

  9. Brian McConnell

    July 14th, 2006 at 8:34 am

    The only reason this is a story is that Skype runs a closed system. The telephone network, that dinosaur everyone loves to hate, is based on worldwide interoperability, which is why you can make a call from your SF landline to your buddy’s cellphone in England.

    I built a teleconferencing system that is accessible via a local phone call in 40 countries, and worldwide via VoIP (SIP). The only major telephone network that we’re not peered with is Skype, and that is because they do not support SIP, which has been a global standard for VoIP for years (ratified by the IETF).

    Gizmo (www.gizmoproject.com), which is nearly identical to Skype in terms of functionality, is built upon SIP and Jabber. It took us an afternoon to figure out how to peer with them, and it didn’t cost us a dime to do so.

    Likewise Skype could open up their network to the world just by supporting SIP for voice and XMPP for IM. There is no technical reason they can’t do this, and in fact they have, but only for certain companies.

    People should really look into Gizmo, it’s very competitive with Skype in terms of features, and it works with Asterisk or any other SIP service (the Gizmo client can be registered with the Gizmo network and a third-party SIP service simultaneously).

  10. Daniele Levy

    July 14th, 2006 at 9:23 am

    eBay (Skype’s parent) does not have a history of easily/readily opening up its platform to the benefit of 3rd parties - or the world in general. Instead, it has focused on strengthening its own platform to make others less relevant. I would bet that they take this strategy with Skype as well.

  11. Sam Sethi

    July 14th, 2006 at 9:38 am

    IF true then I agree this is a good chance for Skype to allow third party clients. Personally I would like Skype to adopt open standard like XMPP, SIP etc. I would also like MSN, Yahoo etc to do the same.

    Interoperability should be the key for IM/VoIP clients. Imagine only being able to send emails to certain people or mobile phones to sent networks? That scenario did exist at one point in time but now we all take it for granted that we can interoperate. The same needs to happen for IM/VoIP!

    If anyone would like to reverse engineer the MSNNP12 protocol used in Messenger 8 that might make it interesting.

  12. Jake

    July 14th, 2006 at 12:17 pm

    Way to bite the hand that feeds….

  13. Edward Vielmetti

    July 14th, 2006 at 12:39 pm

    I’ll second the Gizmo recommendation, and note that Telesthetic runs free POTS to SIP dialin gateways with local numbers all through the state of Michigan (though you can dial from anywhere). Gizmo is SIP based.

    The Gizmo client talks to Google Talk IM sessions out of the box, which is so amazingly nice to not have to get yet another incompatible IM network.

  14. Jonathan Zencovich

    July 14th, 2006 at 4:29 pm

    I would beg to differ, with enough reverse engineering you can find out ANYTHING you want about a certain software, encryption not excluded.

    Interesting article, hopefully Skype will make some steps, perhaps to Open Source?

    –Jon Z | http://jzencovich.blogspot.com

  15. NormanTheGamer

    July 14th, 2006 at 5:11 pm

    Probably no legal action because the developers are in China. So it will be a technical thing. Skype will turn this into a protocol arms race.

    It’s their network and their protocol — they can change it every 30 seconds, in stupid ways if that’s what it takes, to win. Recall that the big IM networks went on fighting Trillian/Gaim for quite some time, before quietly relenting.

    It’s quite likely the Skype guys will be a lot more challenging as a reverse engineering opponents. We can only hope a team from eBay works on it :-)

  16. Trik

    July 15th, 2006 at 2:20 am

    This can lead to a protocol war

  17. tropicaljantie | jan geirnaert

    July 17th, 2006 at 8:43 pm

    ask yourselves, who did it, why did they do it, and what will be the consequenses.

  18. SuS

    July 24th, 2006 at 1:37 pm

    HaCKeD ßy SuS Admin AcıĞını KaPat…

« Previous post
Next post »