[VOIPSEC] Soft Phone Vulnerabilities
mbaugher at cisco.com
Thu Jun 8 00:45:42 BST 2006
> What's the real problem with Skype? By that I mean what problem
> exists with it that does not exist with some other system.
This is a different question than whether or not Skype is secure.
(The Berson study attested to its security "below the session
level".) There have been several posts to this list over the past
months explaining some of the issues. In fact, there was a
presentation posted at http://www.blackhat.com/presentations/bh-
europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf, which I happened to
bookmark. I don't think one can assert that Skype signaling is
secure to the extent that it relies on tamper-resisting an
implementation that might be under the control of an attacker.
It's a different question as to whether skype is more or less secure
than other systems such as sip systems. Another interesting question
is whether or not a true peer-to-peer system can be made secure.
More information about the Voipsec