By Nick Davis
Skype has yet another security issue to handle. This time, it’s not a demand for more security, but less. The Kingdom of Saudi Arabia has threatened to ban the service and other Voiceover Internet Protocol (VoIP) applications, similar to the Blackberry Messenger (BBM) ban of 2010. Saudi Arabia hasn’t explicitly stated the reasoning behind it, but many Saudis and expatriates have insinuated that the Monarchy wishes to have more control to monitor communications between its citizens and their cohorts.
This shouldn’t be a surprise to anyone. While Saudi Arabia has typically been an ally to the United States and a respectful government to its people, they have a long track record of quashing civil liberties. What is surprising is that Skype software allows third parties to find and control your IP address through a simple username search no matter what your privacy settings are, and Skype has known about this problem since 2010.
Despite Microsoft overhauling Skype’s online security network from peer-to-peer machines to Linux boxes that are hardened to resist the most common type of attacks, Skype has yet to resolve the ‘digital identity stealing’ that has developed over the last few years. Essentially, according to a Skype programmer, the problem revolves around a catch-22 of speed and security. “One challenge is that the maximum Round Trip Time (RTT) that VoIP users can tolerate is around 300 milliseconds (ms) whereas the propagation delay in a fiber optical cable spanning the circumference of the planet is approximately 200ms. It means that when a user in Germany calls another one in Australia, the proxy service must incur less than 100ms additional RTT.”
Additionally, an Israeli security researcher recently found another bug with Skype and Dropbox. The issue centered around the services’ lack of URL validation which then allowed any private information shared over theses services, like Facebook accounts and passwords, to be recovered by identity thieves. Nir Goldschlager, a founder of the security service Breaksec, responsibly reported the bug, which could have led to more bad publicity for the digital telephony service.
I think its interesting that there is plenty of publicity surrounding the government of Saudi Arabia potentially violating the privacy of its citizens when Skype itself perpetuates and allows hackers to steal private information. There aren’t many things that could dissuade users from discontinuing their usage of the application, but one of those is shaky security controls. Skype has a significant network effect to the extent that most people who use it have a contact base set up. However, with competitors like Google Voice, Apple’s Facetime, and other VoIP services, Skype isn’t exactly running a monopoly.
The video service needs to take care of their security issues as soon as possible because it stands to lose over 31 million users worldwide. At the very least, the issue is preventing major corporations from putting their stamp of approval on the conferencing site due to the lack of security. Before we throw the Saudi government under the bus for violations of privacy, we should also ask Skype why it has taken so long to protect its users. They are just as guilty as the Arab country.