Hackers Crack Skype’s Proprietary VOIP Protocol

Skype is the current leader in VOIP technologies and generates a lot of buzz with each of the developments it makes. Skype holds its VIOP technology as its most prized possession and a hacker has recently managed to crack it!


For obvious reasons, Skype is unhappy at the blog, which pointed this out and brought down the post in question. However, it is still available on  Google Cache.

The author  Sean O’Neil  writes in his blog saying,

For over 10 years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries.

It is not all security by obscurity of course. There is plenty of good cryptography in Skype. Most of it is implemented properly too. There are seven types of communication encryption in Skype: its servers use AES-256, the supernodes and clients use three types of RC4 encryption – the old TCP RC4, the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use AES-256 on top of RC4. It all is quite complicated, but we’ve mastered it all.

O’Neil  wants to say that Skype uses all the security it can to secure its voice data. There are seven encryptions involved in Skype’s protection and it was broken only for educational purpose. The people behind this hack are IT Cryptologists. However, they also admit to the fact that a part of this code was leaked and might be in use by crackers already.

Skype is being very secretive about this and is refusing to make any official reply. Clearly, it is a fault on part of the hackers that this code was leaked. Still, Skype should officially assure its users regarding this security issue.

(News Source)

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.

  • I bet this is one threat that most skype users did not anticipate. When all their conversations are going through online servers there was always that risk that those conversations could be compromised. I'm sure they'll rectify the issue and make things even more secure now.

  • Recently I've actually been experiencing problems with calling out on Skype, mainly International calls, for some odd reason Skype has been giving me an invalid number error, even though in the past I've always been to call those numbers and I still can if I dial from my regular house number, so I wonder if it has anything to do with this recent hacker cracking, If it is… I hope its fixed soon!

    Till then,


    • No, it is not related to the hack. However, you problem is being experienced by many people. A fix should be on its way..

  • al3x 0wn5

    skype pwned, go to hell

  • Pingback: Big Brother is Watching – Privacy, Censorship, and Staying Anonymous | R3zn8D's (R)Evolutionary Blog()