Andy informs us about an unexpected experience while using Skype and an independent but associated Skype Answering Machine. When he “skyped” a colleague who was already in a Skype session. Evidently, the colloegue was also running SAM, an independently developed answering machine for Skype. Instead of an independent session, he was conferenced to the existing session. Is there a security problem with Skype?
It is obvious there is a bug, but I doubt the problem is with Skype. Since SAM is running on top of Skype, I suspect that SAM has access to unencrypted media and my suspicion is SAM is mixing the two flows. If I am proven right, then Skype will face issues like this because third party developers make erroneous use of Skype API and by implication Skype is faulted.
If I remember correctly, Om’s reference to Skype’s security issues are related to NAT/Firewall traversal as narrated by Peerio CEO.
By the way, SkypeOut calls are not encrypted and could easily be intercepted by the supernode involved in the call.
Update: Andy heard back from Skype PR. According to them, as I suspected, the problem is with SAM. They are planning to certify add-on programs to avoid this kind of problems in the future. Another source of revenue for Skype? Good for them, they need it. :-)
Posted by aswath at January 7, 2005 07:15 PM
Aswath, Correct on SAM. The problem is not Skype's alone. We will see a plethora of new answer machines. Most of these are hijacking the Windows Media stream. Broadening the context of this is important. It seems I was taken for task for pointing out
While SAM is the illustration. You don't need to connect to the Skype API to hijack the audio stream. The API potentially makes the answermachine less susceptable to making these errors.
Posted by: Stuart at January 9, 2005 10:29 PM