DBSA:2013-0002

From Digibase Knowledge Base
Jump to: navigation, search

DBSA ID: 2013-0002

Regarding: Skype Chat Security

Writeup: Kradorex Xeron (talk) 01:23, 21 May 2013 (EDT)

Date: 2013 05 21

Last Modified: 20130521020038 by Kradorex Xeron

Who should take note: All Skype users

Classification

Priority: URGENT

Rationale: Users must be able to take action to ensure their data is secure.

Severity: MEDIUM

Rationale: The skype protocol has been displayed to have a weakness whereas a third party may compromise data mid-communication.

Spread of Issue: CROSS-PLATFORM HIGH

Rationale: Millions of users use Skype across multiple platforms.

Description

Skype is a voice, video and text chat suite targeted toward users across the world, it is designed with simplicity in mind. The vendor (Microsoft) has been shown to be capable of intercepting the chat communication mid-transit between users.

Technical Details

The Skype protocol's security is able to be compromised by the vendor by means of decrypting chat messages at the Skype servers operated by the vendor. This has been discovered since the vendor probes websites linked in said chat messages.

Digibase has directly observed that vendor has been probing websites that are posted as links in Skype chats. These are performed as HEAD requests transmitted (as per RFC 2616) against the webserver for an unknown reason. the request is typically transmitted from the IP address 65.52.100.214.

An example of such a request is as follows as per Apache HTTPD logs:

<domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"
 

Which the address has the whois:

<nowiki>

NetRange: 65.52.0.0 - 65.55.255.255 CIDR: 65.52.0.0/14 OriginAS: NetName: MICROSOFT-1BLK NetHandle: NET-65-52-0-0-1 Parent: NET-65-0-0-0-0 NetType: Direct Assignment RegDate: 2001-02-14 Updated: 2012-03-20 Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1


OrgName: Microsoft Corp OrgId: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US RegDate: 1998-07-10 Updated: 2011-04-26 Ref: http://whois.arin.net/rest/org/MSFT

OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@msn.com OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN

OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: noc@microsoft.com OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN

OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: iprrms@microsoft.com OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@hotmail.com OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN

OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@msn.com OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN

RTechHandle: ZM23-ARIN RTechName: Microsoft Corporation RTechPhone: +1-425-882-8080 RTechEmail: noc@microsoft.com RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN

<nowiki>

Mitigation/Solution

It is strongly advised that Skype users exchanging sensitive and/or confidential information utilize other means such as IRC over SSL or PGP encrypted email. If voice chat is required, it is advised that a solution like Teamspeak be set up and utilized.

References