Skype is dismissing a claim by a small team of Chinese engineers who say they have reverse-engineered the protocol used for Skype internet phone calls.
The development is being reported by Charlie Paglee, CEO of Vozin Communications, a VoIP (voice over IP) company that offers the Talqer plug-in for Google Talk and which has operations in China and California. Paglee, a Mandarin speaker who has worked in China since 1987, said he knows the people in the small company that reverse-engineered the Skype protocol.
Paglee wrote about the achievement on his blog, and said he has been asked not to reveal the name of the company.
The 10-person Chinese firm, which has received venture capital funding, is planning to release in two weeks three software components based on the Skype protocol that would allow developers to create compatible applications, Paglee said. Those components comprise voice and instant messaging functions.
Skype's protocol is proprietary, so third-party developers have not been able to build compatible applications. Some other VoIP applications are based on the open SIP (Session Initiation Protocol) standard, enabling third-party developers to create interoperable products.
Skype, a unit of eBay, said on Friday it is aware of the claim but had "no evidence to suggest that this is true".
"Even if it was possible to do this, the software code would lack the feature set and reliability of Skype," read a statement from Skype. "Moreover, no amount of reverse engineering would threaten Skype's cryptographic security or integrity."
By cracking the Skype protocol, the company claims it can also block Skype voice traffic, said Paglee, who is also a lawyer and engineer. "They could literally turn the lights off on Skype in China very, very quickly," he said.
The company could transfer the technology to the Chinese government, which has continually sought ways to tighten its filtering and control over the internet. So far, the company doesn't have any plans to market its blocking capabilities, Paglee said.
Other security companies have been developing methods to block Skype, since the data packets it uses are hard to detect. Enterprises are concerned Skype's file transfer capabilities could threaten its intellectual property if used improperly by an employee.
The company claims it can block calls by exploiting how Skype works, Paglee said.
Skype's founders, Niklas Zennstrom and Janus Friis, used P2P (peer-to-peer) technology rooted in their Kazaa filesharing program to route Skype calls through users' computers rather than through central servers. Kazaa allows users to search each other's hard drives and share files.
Paglee said the Chinese company can detect, map and block the computers that are passing on calls, and in doing so shut down Skype calls. The software developed by the Chinese company does not support the peer-type structure to support calls.
The company, however has not been able to decrypt the phone calls passing through those computers and listen in because of the complicated encryption keys used during calls, Paglee said.
"Skype's conversations are still secure but what's not secure is its present business model of using everybody else's computer to propagate the Skype network," he claimed.
Paglee details in his blog a call he received from the engineers using a rudimentary client. Part of the proof that the protocol had been cracked came when the engineers sent Paglee the IP address of his computer, information that normally would be encrypted during a Skype session.
"I was a little bit shocked," Paglee said. His blog can be seen here.