I have always favored Skype over other instant messaging apps because of one thing: its proclaimed strong encryption behind the scenes. I know of companies that’ll summon the IT SWAT team to your cubicle if you’re found to have disabled the anti-virus software on your PC, yet nobody cares if you’re chatting away (possible company secrets?) on Yahoo or MSN instant messenger. With trojans, malware, and “spim” (spam on IM) on the rise and constantly trying to infiltrate your PC, it’s unbelievable that a company wouldn’t consider security measures on the IM front.
But now a researcher, Efim Bushmanov, has reverse engineered Skype’s protocol and encryption mechanism. Moreover, he’s made all his research material available online, free of charge. His summary, in words that’ll pique the interest of any serious hacker (black hats and white hats alike):
“You will see that it uses strong AES and RSA encryption with public key infrastructure.”
Bushmanov may have a noble intent of open sourcing Skype with this freelance research project, but it’s doubtful that Microsoft (Skype’s new owner) shares the same sentiment. In fact, Skype is also the preferred communication tool among worldwide dissidents and activists, so the impact of this very public research will definitely make waves throughout regions such as China and the Arab world.
Although this research is evidence that my future Skype sessions won’t be as safe as previously implied, perhaps it’s a good thing that this illusion of secure communications is being exposed. After all, if one person was able to reverse engineer it, what’s to say that it hasn’t already been done in some top secret government agency with far more resources at its disposal?
It’ll be very interesting to see how this story develops, not only from the technical perspective, but also in terms of the legal and geopolitical issues surrounding it.