Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Skype protocol hack could have been prevented claims StarForce

StarForce's comments come in the wake of blog postings by security researcher Efim Bushmanov who, earlier this month, claimed to have reverse engineered the Skype protocol.

"My aim is to make Skype open source," he said in a blog posting on June 3, adding links to download executable files compatible with Skype versions 1.4, 3.8, and 4.1, as well as IDA Pro disassembly database files, and - crucially, Infosecurity notes - his reverse engineered pseudo source code.

Liliya Volodina, StarForce Technologies marketing director, said that Bushmanov's took Skype's client application, disassembled the code and then worked out how the protocol plus its encryption functions operate.

"It's not clear how much time it took but it seems that the hacker was working alone", she said, adding that he is now recruiting other people holding the same views (say, other hackers) who, he says, `have enough time' to finish the project.

"Enough time is a loose concept and we can guess that he spent more than a year to disassemble the program when he worked alone. This is a good illustration of the fact that giving enough protection to a program's code may prevent its reverse-engineering for a long time, especially if the hacker doesn't know the basic principles of the protection", she explained.

Volodina went on to say that there could be tough times ahead for Skype.

In addition to the fact that the company needs to fix program instabilities, she says, it also needs to rebuild the protocol and code protection.

"It has to make major changes if it doesn't want to face a new crack in short period of time. Documentation that has appeared over the internet will allow other hackers to circumvent protection much faster if the repairs are only cosmetic", she said.

"Generally, code protection can serve various purposes - not only protection of code from analysis. Code protection could be a protection against viruses which are able to modify program operations in real time. It could also be a protection against whole system penetration via a program's weak places and it can solve the issue of connection protocol security", she added.

Volodina noted that, traditionally, program code protection has occupied only a tiny part of the IT security industry. People, she says, pay little attention to this matter and often omit it.

"For example, it is hard to find a specialised exhibition or conference dedicated to this sector only. On the other hand, the subject of private data security is met on every corner", she said.

"We should consider the fact that protection of personal data starts from protection of a program that operates with such data. To make a hacker spend years understanding how a program works will build serious obstacles on the hacker's way to steal any data", she added.

What’s Hot on Infosecurity Magazine?