Has the Skype Protocol Been Cracked?

The blogosphere is buzzing with the claim that a group of Chinese researchers has reverse-engineered the Skype protocol, providing a third-party VOIP alternative.

A claim that a group of researchers in China has successfully cracked the Skype protocol has set the blogosphere alight, but the company says there is no evidence that the software has been reverse-engineered.

"We have no evidence to suggest that this is true. Even if it was possible to do this, the software code would lack the feature set and reliability of Skype," the company, headquartered in Luxembourg, said in a statement sent to eWEEK.

According to Charlie Paglee, CEO of VOIP (voice-over-IP) startup Vozin Communications, in Fremont, Calif., engineers at a small research outfit in China have cracked Skypes proprietary protocol to create a third-party application capable of connecting to Skypes 100 million users.

Paglee announced the news on his blog on July 14 and posted screenshots of Skype connecting directly to a rudimentary application. Paglee, who tested the connection during two voice calls with the Chinese group, noted that his IP address was "100 percent correct" on the third-party software.

"The first time we talked there was a noticeable echo on my end. The second time the voice quality was good ol Skype crystal clear. At present they only support placing Skype peer-to-peer phone calls and they have not yet implemented presence," Paglee said.

/zimages/1/28571.gifUnpatched installations of Skype are tempting malware targets. Click here to read more.

He declined to name the research group, which is backed by venture capital funding. "They have plans to add presence, instant messaging, and a host of other features. Their end goal is to create a client 100 percent compatible with Skype," Paglee said.

"They are working night and day on a demo which they hope to launch before the end of August," he added.

Skype, created by Kazaa founders Niklas Zennström and Janus Friis and acquired by eBay in September 2005, has jealously guarded its closed source code, even in the midst of concerns about user bandwidth in the form of super nodes and the applications security model.

According to Paglee, the Chinese groups software will not support Skypes super node technology. "This means that very soon Skype users will have an alternative client [that] will not hijack their computer. This could eventually have a very negative effect on the Skype network if too many people choose not to act as Skype super nodes and the network starts to deteriorate," he explained.

If the reverse-engineering claim turns out to be true, it could have serious business and legal ramifications for Skype and its heavyweight parent company, eBay. If the company chooses to leverage Skype to deliver advertisements, for example, the third-party application would emerge as an ad-free alternative.

Paglee also raises the spectre of the Chinese government taking advantage of third-party software connecting to Skype. In 2005, telecommunications operator China Telecom briefly blocked Skypes SkypeOut feature, prompting speculation that the pay-per-call feature was taking long-distance business from the countrys state-controlled telecoms.

/zimages/1/28571.gifRead more here about censorship of Skype in China.

"They [Chinese telecoms] will enthusiastically support a domestic Chinese company with the engineering talent to reverse engineer Skype. I wouldnt be surprised if a major Chinese telco ends up licensing this technology to produce a competing Skype client for use in China," Paglee said.

Skype did not address that aspect of Paglees contention. In its one-paragraph statement, the companys spokesperson simply said: "No amount of reverse engineering would threaten Skypes cryptographic security or integrity."

/zimages/1/28571.gif Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.