Chinese company claims Skype protocol cracked
- — 17 July, 2006 08:25
Skype is dismissing a claim by a small team of Chinese engineers who say they have reverse engineered the protocol used for Skype Internet phone calls.
The development is being reported by Charlie Paglee, the chief executive officer of Vozin Communications, a voice-over-IP company that offers the Talqer plug-in for Google Talk, and which has operations in China and California. Paglee, a Mandarin speaker who has worked in China since 1987, said he knows the people in the small company that reverse engineered the Skype protocol.
Paglee wrote about the reverse engineering on his blog, and said he has been asked not to reveal the name of the company that reverse engineered the protocol.
The 10-person Chinese company, which has received venture capital funding, is planning to release in two weeks three software components based on the Skype protocol that would allow developers to create compatible applications, Paglee said. Those components comprise voice and instant messaging functions, he said.
Skype's protocol is proprietary so third party developers have not been able to build compatible applications. Some other voice-over-IP applications are based on the open SIP (Session Initiation Protocol) standard, enabling third party developers to create interoperable products.
Skype, a unit of eBay, said Friday it is aware of the claim but had "no evidence to suggest that this is true."
"Even if it was possible to do this, the software code would lack the feature set and reliability of Skype," according to a statement from Skype. "Moreover, no amount of reverse engineering would threaten Skype's cryptographic security or integrity."
By cracking the Skype protocol, the company claims it can also block Skype voice traffic, Paglee said. "They could literally turn the lights off on Skype in China very, very quickly," said Paglee, who is also a lawyer and engineer, speaking from California on Friday.
The company could transfer the technology to the Chinese government, which has continually sought ways to tighten its filtering and control over the Internet. So far, the company doesn't have any plans to market its blocking capabilities, Paglee said.
The company claims it can block calls by exploiting Skype software functions, he said. Skype's software taps users' computers to route calls. Paglee said the Chinese company can detect, map and block the computers that are passing on calls, and in doing so shut down Skype calls.
The company, however, has not been able to decrypt the phone calls passing through those computers and listen in because of the complicated encryption keys used during calls, Paglee said.
"Skype's conversations are still secure but what's not secure is their present business model of using everybody else's computer to propagate the Skype network," Paglee said.
Paglee details in his blog a call he received from the engineers using a rudimentary client. Part of the proof that the protocol had been cracked came when the engineers sent Paglee the IP address of his computer, information that normally would be encrypted during a Skype session.
"I was a little bit shocked," Paglee said. His blog can be seen at http://www.voipwiki.com/blog/.