Security Risks & Vulnerabilities in Skype
-
Upload
kelum-senanayake -
Category
Technology
-
view
3.630 -
download
0
description
Transcript of Security Risks & Vulnerabilities in Skype
Security risks & vulnerabilities in
Skype
Kelum Senanayake
Introduction
Skype proclaims that it provides a secure
method of communication.
Hundreds of millions of people have chosen to
use Skype, often on the basis of this assurance.
But there are some security risk and
vulnerabilities of Skype.
The user interface does not display a "real
Skype username" in the contact list
Skype's interface relies on the use of full names
on the contact list rather than unique user
names.
It easy to impersonate other users and
introduces substantial security risks.
Average users are easily tricked as a result.
Skype's software downloads are not
delivered over a HTTPS / SSL connection
Downloads may be tampered with by a third
party.
China has been known to produce its own
Trojan-infected version of Skype.
Users are exposed to interception,
impersonation and surveillance.
Skype could provide a backdoor entry
Skype allows users to establish direct connections with each other.
It's also "port agile"
− If a firewall port is blocked Skype will look around for other
open ports that it can use to establish a connection.
If you put Skype behind a firewall or NAT layer, 99% it will work without
any special configuration.
Skype could provide a backdoor entry into secure networks for Trojans,
worms, and viruses.
It could also provide a channel for corporate data to be freely shared
between users without any of the usual security considerations.
Skype's proprietary protocol
Skype uses a proprietary protocol instead of a
standard one such as the SIP.
This makes it an unknown from the point of view of
the vulnerabilities that might be there.
Every nonstandard application can add
unnecessary risks to your environment.
In the end no one really knows what all is built into
such an application.
References
[1] Privacy International, "Skype Called Answer Mounting Security
Concerns", [Online]. Available:
https://www.privacyinternational.org/article/skype-called-
answer-mounting-security-concerns.[Accessed: Oct. 31, 2011].
[2] Jaikumar Vijayan, "Does Skype Face Security Threat?",
[Online]. Available:
http://www.pcworld.com/article/123279/does_skype_face_secur
ity_threat.html.[Accessed: Oct. 31, 2011].