
Skype and MitM Attacks


  • Skype and MitM Attacks

    I've been doing a lot of screwing around with Skype recently and have hit a bit of an issue. Does anyone think Skype could be vulnerable to man in the middle attacks? Each packet is encrypted with 256-bit AES and each client has a public certificate, however I can't seem to find any certificate validation in the buildup/teardown sequence of establishing a link.


    Bob wants to talk to Alice. However one or both of them are behind firewalls. With Skype a connection between them would be made by contacting a supernode (a publicly available IP running Skype with sufficient resources for call routing) and having that supernode bounce their communications. Without means of certificate validation (i.e. some place like the central Skype authentication server) there would be no way to tell that Bob is really Bob and Alice is really Alice. So, let's say that the supernode they were bouncing through was compromised, could an attacker proxy themselves into the conversation MitM-style (like you can with SSL or SecureIM)?

    Now, the likelihood of this happening is minimal, as just about any publicly available node can be promoted to a supernode. An attacker would have to somehow know which supernode was going to be used for the conversation, pre-0wn it, and be ready to intercept the communication request. I'm more concerned if this is a theoretical possibility. Or, does Skype somehow do a validation of the public certs and I've just managed to not find that information?


  • #2
    ...does Skype somehow do a validation of the public certs and I've just managed to not find that information.
    Skype's central directory servers store public keys which are linked directly to Skype accounts. In order to perform a man in the middle attack you would need to cajole both clients into somehow connecting to a compromised SuperNode, then compromise the central directory server and misrepresent the public keys of one or both clients to its respective partner. Once you have done this, you can decrypt the call with the compromised key and re-encrypt it for the other client.

    However, forcing the clients to connect to your SuperNode is the most difficult part. To do it reliably you would literally have to compromise every SuperNode operated by Skype, in addition to their directory servers.

    Skype's reliance on central directory servers has often been cited as its most vulnerable weak spot, but pulling off a man in the middle attack on a Skype conversation would be extremely difficult and would likely require compromising several dozen servers operated by Skype.
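    An added illustration of the point both posts make, written for this thread rather than taken from it or from Skype's real protocol: a relay that neither side authenticates can substitute its own key in each direction, and checking the key you received against the central directory's record for the peer is what defeats that. The toy Diffie-Hellman group, the Client/MaliciousRelay classes and the dict standing in for the directory are all constructed assumptions.

```python
import secrets

# Toy Diffie-Hellman group: a constructed stand-in for the clients' real key agreement.
P = 2**61 - 1
G = 5

class Client:
    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)          # the key the directory would publish
    def shared_secret(self, peer_pub):
        return pow(peer_pub, self.priv, P)

class MaliciousRelay:
    """A compromised supernode that swaps in its own key in both directions."""
    def __init__(self):
        self.me = Client("relay")
        self.seen = {}
    def forward(self, sender, pub):
        self.seen[sender] = pub                  # keep the real key to finish its own exchange
        return self.me.pub                       # hand the peer the relay's key instead
    def secret_with(self, name):
        return self.me.shared_secret(self.seen[name])

def honest_forward(sender, pub):
    return pub

def setup_call(alice, bob, forward, directory=None):
    """Exchange keys through forward(); when a directory is given, each side checks the
    key it received against the directory's record for the peer. Returns the two
    derived keys, or None if either side rejects the key it was handed."""
    bob_sees = forward(alice.name, alice.pub)
    alice_sees = forward(bob.name, bob.pub)
    if directory is not None:
        if directory[alice.name] != bob_sees or directory[bob.name] != alice_sees:
            return None
    return alice.shared_secret(alice_sees), bob.shared_secret(bob_sees)

def demo():
    alice, bob = Client("alice"), Client("bob")
    directory = {alice.name: alice.pub, bob.name: bob.pub}   # central directory's records
    relay = MaliciousRelay()
    # No validation: both sides finish a "secure" setup, but each key is shared with the relay
    a_key, b_key = setup_call(alice, bob, relay.forward)
    mitm = a_key == relay.secret_with("alice") and b_key == relay.secret_with("bob")
    # Validation against the directory rejects the substituted keys
    rejected = setup_call(alice, bob, relay.forward, directory) is None
    # Honest relay plus validation: the call goes through and both sides agree
    honest = setup_call(alice, bob, honest_forward, directory)
    return mitm, rejected, honest[0] == honest[1]
```

    The second reply's caveat follows directly: the check only helps while the directory record itself is trustworthy, which is why the attacker would also have to compromise the directory servers.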