Alessandro Perilli on Enterprise Security

Skype insecurities

At BlackHat Europe 2006, Philippe Biondi and Fabrice Desclaux presented a fascinating (and very complex) reverse engineering analysis of Skype.

While trying to block the UDP traffic Skype generates, they provided an iptables command that can be adapted into an IDS signature:

iptables -I FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527f4833' -j DROP
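As an added example (not code from the original post or from the talk), the following Python reimplements the three matches of that rule over a raw IPv4/UDP packet, so the logic can be inspected offline or ported to an IDS signature; it assumes the second u32 constant is 0x527f4833 and uses its own constructed test packets.

```python
import struct

# The iptables rule restated as data. u32 offsets count from the start of the
# IP header, exactly as the kernel u32 match reads them.
SKYPE_UDP_RULE = {
    "proto": 17,                              # -p udp
    "ip_total_length": 39,                    # -m length --length 39 (layer-3 length)
    "u32": ["27&0x8f=7", "31=0x527f4833"],    # assumed constant: 0x527f4833
}

def u32_test(packet: bytes, expr: str) -> bool:
    """Minimal subset of the u32 syntax: 'OFF=VAL' or 'OFF&MASK=VAL'.
    Loads 4 big-endian bytes at OFF, ANDs with MASK, compares to VAL.
    Like the kernel module, a read past the end of the packet is a non-match."""
    lhs, val = expr.split("=")
    off, _, mask = lhs.partition("&")
    off, mask, val = int(off, 0), int(mask or "0xffffffff", 0), int(val, 0)
    if off + 4 > len(packet):
        return False
    return (struct.unpack_from("!I", packet, off)[0] & mask) == val

def matches_skype_udp_rule(packet: bytes, rule=SKYPE_UDP_RULE) -> bool:
    """Apply all three conditions of the rule to a raw IPv4 packet (no link-layer header)."""
    if len(packet) < 28 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", packet, 2)[0]
    proto = packet[9]
    # The rule's fixed offsets assume a 20-byte IP header; IP options would shift the UDP payload.
    if ihl != 20 or proto != rule["proto"] or total_len != rule["ip_total_length"]:
        return False
    return all(u32_test(packet, e) for e in rule["u32"])

def build_udp_packet(payload: bytes, sport: int = 40000, dport: int = 33033) -> bytes:
    """Constructed IPv4/UDP packet for offline testing (checksums left zero, RFC 5737 addresses)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + len(payload), 0, 0, 64, 17, 0, src, dst)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip + udp + payload

# Constructed 11-byte payload shaped to satisfy the rule: byte 2 has (b & 0x8f) == 7,
# bytes 3..6 carry the assumed constant, the rest is filler (total IP length 39).
SKYPE_LIKE = build_udp_packet(bytes([0x12, 0x34, 0x37, 0x52, 0x7f, 0x48, 0x33, 0xaa, 0xbb, 0xcc, 0xdd]))
# Same payload plus one trailing byte: total length 40, so the rule must not fire.
SKYPE_LIKE_LONGER = build_udp_packet(bytes([0x12, 0x34, 0x37, 0x52, 0x7f, 0x48, 0x33, 0xaa, 0xbb, 0xcc, 0xdd, 0xee]))

if __name__ == "__main__":
    print("39-byte probe matches:", matches_skype_udp_rule(SKYPE_LIKE))          # True
    print("40-byte packet matches:", matches_skype_udp_rule(SKYPE_LIKE_LONGER))  # False
```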

They also managed to manipulate Skype traffic so as to force a client to send packets to any destination.
Skype currently reports more than 50 million unique usernames, and SkypeStats reports concurrent activity peaking at 5.5 million users at this moment.
This means a new worm exploiting this design flaw could create the biggest bot network ever seen.

The presenters' final considerations are really important:

  • Hard to enforce a security policy with Skype

  • Jams traffic, can't be distinguished from data exfiltration

  • Incompatible with traffic monitoring and IDS

  • Impossible to protect from attacks (which would be obfuscated)

  • Total blackbox

  • Fully trusts anyone who speaks Skype


Consider this report when you'll work with VoIP assessment toolbox I posted on the previous post.