Latest news is that Skype is now being used as a pathway to deliver viruses to unsuspecting users. More details are available here
Original Article
Skype continues to grow significantly on the back of its value proposition: free calling! On the face of it, a great deal. While this is a strong proposition, you really need to read the rest of this article to understand what's going on. In summary...
• Skype can sap your bandwidth without your knowledge, which is very bad if you're not on a flat rate (i.e. most of New Zealand).
• Skype can record/listen in on your conversations.
• Skype can share/sell your personal data to others (= more spam or voice spam).
• Skype has very limited/nil interactivity with other VOIP services.
Recent articles comment on the recent service failure of Skype due to architecture weaknesses. Further articles have again raised significant security concerns regarding Skype's design.
There are serious alternatives to using Skype in a business environment that will protect both your security and your confidentiality. Contact BTG to discuss your VOIP options today.
Detail
Skype is a proprietary, closed-protocol, peer-to-peer Internet telephony client from the creators of the KaZaA P2P file sharing application. It has the ability to operate even in the presence of moderately restrictive firewalls, due to its clever (and persistent) method of trying various transport protocols.
Other major VoIP protocols, such as SIP and H.323, usually connect directly to the remote user via UDP, which makes NAT traversal problematic. If the remote user is behind a NAT gateway or firewall, they will need NAT port-forwarding and/or firewall rules to ensure that the RTP stream is able to connect.
Skype achieves near-guaranteed connectivity by using a middleman when NAT or firewalls get in the way. Sounds like a good idea, right? Well, that middleman may be you and your unsuspecting internet connection. The scalability of the Skype network is largely due to its use of supernodes. A supernode is a Skype user whose computer is not restricted by NAT or a firewall. Ordinary Skype peer nodes use the middleman to connect their calls, if they cannot connect directly to each other.
Even though your private conversation is being routed by a complete stranger, this is not really a security risk, as the RTP stream is encrypted with AES-256. However, that supernode bears the CPU and bandwidth utilisation for that call. This is why some users notice their ISP traffic utilisation increase sharply after installing Skype.
The Skype client is able to manipulate the Windows firewall on Windows XP, as well as UPnP-enabled routers, to open ports as necessary. BTG engineers have observed a NAT'ed Skype client PC become a supernode via these means. So while you have your Skype client open, waiting for your buddies to call, have a look at the blinking LEDs on your network card, or try running 'netstat' to check active connections to your PC. You may be unwittingly routing Skype calls.
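One way to read that netstat output, as an added example (not BTG's own tooling): the script parses Windows `netstat -ano` text and reports processes that have several distinct remote peers connected to a port the process itself listens on, which is the pattern an idle client relaying other people's traffic would show. The sample output, the PIDs and the three-peer threshold are constructed assumptions; match the PID against the Skype process in Task Manager.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output; addresses are documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:34567          0.0.0.0:0              LISTENING       1820
  TCP    192.168.1.10:34567     203.0.113.5:51234      ESTABLISHED     1820
  TCP    192.168.1.10:34567     198.51.100.7:40112     ESTABLISHED     1820
  TCP    192.168.1.10:34567     198.51.100.9:40999     ESTABLISHED     1820
  TCP    192.168.1.10:49210     203.0.113.80:443       ESTABLISHED     1820
  TCP    192.168.1.10:49300     192.0.2.44:443         ESTABLISHED     2244
  UDP    0.0.0.0:34567          *:*                                    1820
"""

def parse_netstat(text):
    """Yield (proto, local_port, remote_ip, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # UDP rows have no State column, so they carry only four fields.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        local_port = int(f[1].rsplit(":", 1)[1])
        remote_ip = f[2].rsplit(":", 1)[0]
        yield f[0], local_port, remote_ip, state, int(f[-1])

def inbound_peers(text):
    """Map pid -> set of remote IPs connected to a port that pid listens on."""
    rows = list(parse_netstat(text))
    listening = {(pid, port) for _, port, _, st, pid in rows if st == "LISTENING"}
    peers = defaultdict(set)
    for _, port, rip, st, pid in rows:
        # Local port equals a listening port: the remote side opened the connection.
        if st == "ESTABLISHED" and (pid, port) in listening:
            peers[pid].add(rip)
    return dict(peers)

def flag_relay_candidates(text, min_peers=3):
    """PIDs with at least min_peers distinct inbound peers (threshold is an assumption)."""
    return sorted(pid for pid, p in inbound_peers(text).items() if len(p) >= min_peers)

if __name__ == "__main__":
    for pid in flag_relay_candidates(SAMPLE):
        print(pid, sorted(inbound_peers(SAMPLE)[pid]))
```

A flagged PID is a prompt to look closer, not proof of relaying: any program that accepts inbound connections will match.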
If this all sounds a bit concerning, maybe you should have read the End User Licence Agreement more carefully before installing Skype. Article 4.1 states:
"You hereby acknowledge that the Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) you are utilizing, for the limited purpose of facilitating the communication between Skype Software users."
Also, while Skype assures us that the actual voice communication is encrypted while in transit, their licence leads us to believe that they have the power to eavesdrop, should they choose. Article 8.1 of their Terms of Service states that (paraphrased):
"Skype may sometimes share Your personal and traffic data with carriers, distributors, partnering service providers and/or agents. Your personal and traffic data may be available to the Skype Group Administrator. Skype and/or its local partners may need to provide such data to designated competent authorities upon request, for example with regard to the interception of communications, if requested by such authorities."
The Skype licence also expressly prohibits any reverse engineering of the protocol, so, if Skype is ever going to interoperate with competing VoIP products or services, it will be at Skype's discretion. While there has already been fairly extensive dissecting of the Skype protocol, and already quite a lot is known about it, this research has essentially been conducted illegally.
For more information, please see the Skype User Agreement.