Skype hack: Breach could have been prevented – StarForce

Skype Technologies S.A. logo

US$8.5 billion VoIP service hacked

Hack could have been delayed or prevented says StarForce

By ECM Plus staff

ECM Plus +++ The recent high-profile hacking of Skype could have been prevented – or at least delayed – by better software protection, according to copy protection software specialist StarForce Technologies.

According to the company, Russian hacker Efin Bushmanov has cracked Skype’s protocol and data encryption mechanisms. Bushmanov has also made it publicly available for the public.

StarForce said that the cracking appeared to have been achieved with a reverse-engineering method that is normally used for PC games and software cracking.

Commenting on the VoiP breach, Liliya Volodina, StarForce Technologies marketing director, said: “He took Skype’s client application, disassembled it and understood how the protocol and encryption work. It’s not clear how much time it took but it seems that the hacker was working alone.

According to Volodina, Bushmanov is recruiting other people holding the same views (say, other hackers) who, he says, ‘have enough time’ to finish the project.

“‘Enough time’ is a loose concept and we can guess that he spent more than a year to disassemble the program when he worked alone. This is a good illustration of the fact that giving enough protection to a program’s code may prevent its reverse-engineering for a long time, especially if the hacker doesn’t know the basic principles of the protection.”

Added Volodina: “There could be a tough times ahead for Skype. In addition to the fact that the company needs to fix program instability (in recent times it has crashed pretty often) it needs to rebuild the protocol and code protection. It has to make major changes if it doesn’t want to face a new crack in short period of time. Documentation that has appeared over the internet will allow other hackers to circumvent protection much faster if the repairs are only cosmetic.

Generally, code protection can serve various purposes, Volodina further explained, and not only protection of code from analysis. Apparently, code protection could be a protection against viruses which are able to modify program operations in real time. It could also be a protection against whole system penetration via a program’s weak places and it can solve the issue of connection protocol security, Volodina said.

“Traditionally program code protection has occupied only a tiny part of the IT security industry. People pay little attention to this matter and often omit it” noted StarForce’s Volodin. “For example, it is hard to find a specialised exhibition or conference dedicated to this sector only. On the other hand, the subject of private data security is met on every corner. We should consider the fact that protection of personal data starts from protection of a program that operates with such data. To make a hacker spend years understanding how a program works will build serious obstacles on the hacker’s way to steal any data.”


Advertisements

Leave a comment

Filed under Content Protection, Content Security, Data privacy, Data protection, Industry News, Security Content Management (SCM)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s