Security Risks & Vulnerabilities in Skype
1 like2,758 views
Skype claims to provide secure communication but has several security risks and vulnerabilities. It does not display unique usernames, making impersonation easy. Software downloads are not encrypted, exposing users to tampering. Skype's direct peer-to-peer connections and port scanning capabilities could allow malware to bypass firewalls. Additionally, Skype's proprietary protocol is not open for review, so its security properties are unknown.
![References
[1] Privacy International, "Skype Called Answer Mounting Security
Concerns", [Online]. Available:
https://www.privacyinternational.org/article/skype-called-
answer-mounting-security-concerns.[Accessed: Oct. 31, 2011].
[2] Jaikumar Vijayan, "Does Skype Face Security Threat?",
[Online]. Available:
http://www.pcworld.com/article/123279/does_skype_face_secur
ity_threat.html.[Accessed: Oct. 31, 2011].](https://image.slidesharecdn.com/securityrisksvulnerabilitiesskype-111206233227-phpapp02/85/Security-Risks-Vulnerabilities-in-Skype-7-320.jpg)
Security Risks & Vulnerabilities in Skype
- 1. Security risks & vulnerabilities in Skype Kelum Senanayake
- 2. Introduction Skype proclaims that it provides a secure method of communication. Hundreds of millions of people have chosen to use Skype, often on the basis of this assurance. But there are some security risk and vulnerabilities of Skype.
- 3. The user interface does not display a "real Skype username" in the contact list Skype's interface relies on the use of full names on the contact list rather than unique user names. It easy to impersonate other users and introduces substantial security risks. Average users are easily tricked as a result.
- 4. Skype's software downloads are not delivered over a HTTPS / SSL connection Downloads may be tampered with by a third party. China has been known to produce its own Trojan-infected version of Skype. Users are exposed to interception, impersonation and surveillance.
- 5. Skype could provide a backdoor entry Skype allows users to establish direct connections with each other. It's also "port agile" − If a firewall port is blocked Skype will look around for other open ports that it can use to establish a connection. If you put Skype behind a firewall or NAT layer, 99% it will work without any special configuration. Skype could provide a backdoor entry into secure networks for Trojans, worms, and viruses. It could also provide a channel for corporate data to be freely shared between users without any of the usual security considerations.
- 6. Skype's proprietary protocol Skype uses a proprietary protocol instead of a standard one such as the SIP. This makes it an unknown from the point of view of the vulnerabilities that might be there. Every nonstandard application can add unnecessary risks to your environment. In the end no one really knows what all is built into such an application.
- 7. References [1] Privacy International, "Skype Called Answer Mounting Security Concerns", [Online]. Available: https://www.privacyinternational.org/article/skype-called- answer-mounting-security-concerns.[Accessed: Oct. 31, 2011]. [2] Jaikumar Vijayan, "Does Skype Face Security Threat?", [Online]. Available: http://www.pcworld.com/article/123279/does_skype_face_secur ity_threat.html.[Accessed: Oct. 31, 2011].