With 309 million registered users, Skype has become a service used by consumers and businesses alike. I use it all the time since I’m based in the UK and my boss is in Silicon Valley – I know many people who do the same. As so many employees are downloading and using the latest Internet-based tools, it’s no wonder that security concerns in the enterprise about these tools get an increasing amount of attention. But are all of them true?
There’s been a fair amount of interest from people like Irwin Lazar and Daniel Sokolov in a news story regarding potentially hidden backdoors in Skype. A set of discussions (filled with numerous contradictions) suggests that Austrian police seem to have a way to listen in to secret Skype communications.
As someone who has been following the long-running history of this controversy, I thought I’d weigh in on the discussion. While I can’t confirm the rumours, I would say this:
1) Why would the Austrian police have been given this access but nobody else? Wouldn’t some other force somewhere be a more likely candidate for this kind of access? US Law Enforcement, I’m looking at you…
2) In general, putting a backdoor in your application is not a great idea, because you can’t guarantee the wrong people won’t find, use and abuse it.
3) If it was in there, someone would find it eventually, wouldn’t they? From as far back as 2006, security researchers have been looking at Skype in close detail (I believe there was an eBay Developer Conference 2006 held in Vegas where a researcher intended to talk about reversing Skype, and of course there have been numerous Black Hat presentations about it too). Either this is the most well-hidden backdoor in history, or we’re not doing a good enough job of trying to detect it.
I don’t think I’ll be losing too much sleep over this either way, until something more concrete emerges.