Internet messengers (IM) indeed made the world smaller, and skype is undoubtedly the major contributor to this phenomena.
Skype is simple to use, and hard to block. With skype, you can do free calls and videoconferencing; share your desktop; and, share files such as documents and photos with any other skype users anywhere. Skype has the ability to use any available open port to communicate to the internet which made it a bane for traditional port-based firewalls to block (a headache for most network engineers).
But is skype safe?
We can download various tools over the internet to sniff through ICQ, YM, and Windows/MSN messenger chat and calls but rarely do we see tools that can do the same for skype. Skype's chat history and voice calls and logs are encrypted -- but that doesn't mean they are hack free.
Given the proper privileges and access to the network, UCSniff (http://ucsniff.sourceforge.net/) can be used to eavesdrop for skype voice calls in your network.
Update: 5/10/2012: Before I illustrate how, I would just like to add that this is not (supposedly) a viable hack since by default (off-the-shelf), operating systems do not allow other computers in the network to access non-shared folders, especially program files. However, when joining computers in a domain, the default security settings are changed. IT personnel should be made aware of the risks involved and act accordingly. I tried this on two different companies corporate network with standard security implementations on domain levels, firewalls, etc. and the procedure was successful. At least the inter-VLAN access-lists was successful in preempting this (please check my other blog about why VLANs are necessary here).
Here's how:
1. Download Skype ChatSync Reader
2. Go to control Panel >> Folder options >> View Tab. Tick "Show Hidden Files and Folder" and uncheck "Hide protected operating system files".
3. Navigate through the following (by typing it in run, or simply using windows explorer):
- for Windows XP: C:\Documents and Settings\<user_rofile>\Application Data\Skype\<login_name>\chatsync
- for Windows 7: C:\Users\<user_profile>\AppData\Roaming\Skype\<skype_login>\chatsync
- If you are accessing a different computer within your network, replace "C:" with " \\<IP address or Host name>\c$". Thus the link becomes:\\<IP_address or Host_name>\c$\Users\<user_profile>\AppData\Roaming\Skype\<skype_login>\chatsync
Note: Replace the items marked with '<>' with the proper account names.
4. You will see a number of folders inside. Each folder contains chat history for a specific day. Choose one and open it. Inside, you will see a bunch of *.dat files. You can attempt to open it in notepad or any text editor and you will only see unreadable characters.
5. In the windows explorer address bar, copy the entire address.
6. Open Skype ChatSync Reader (the file you downloaded in step 1): and paste the address you copied in windows explorer in the space provided. You should be able to read the skype chat history as per the photo provided.
To protect yourself from this kind of intrusion:
1. Disable Skype chat history. Open Skype. Click Tools >> Options. In the left panel, choose Privacy. Then, on the right panel, click show advanced options. Under 'Keep history for' dropdown box, choose never, then click on "Clear History".
2. Do not share your folders unwarranted. Do not play around with your file permission. Better yet, do not make your account an administrator (if you need to, have another administrator account but use a normal account in your daily activities).
3. Always make sure you have a workstation firewall enabled. For Windows 7 users, do not disable UAC (Use Account Control) settings.
4. For domain environments: make sure proper GPOs on securing folders are in place. Some of the basics are: (a) do not allow changing of folder options; (b) do not allow sharing of system files; (c) no administrator access to all computers except local login; disallow escalated privileges/permissions/rights.
5. It is hard not to provide local IT with escalated privilege. If it is necessary, ensure that proper guidelines and audit mechanisms are in place.
*Special thanks to my friends who shared this with me, and helped me prove this procedure is viable.
1. Disable Skype chat history. Open Skype. Click Tools >> Options. In the left panel, choose Privacy. Then, on the right panel, click show advanced options. Under 'Keep history for' dropdown box, choose never, then click on "Clear History".
2. Do not share your folders unwarranted. Do not play around with your file permission. Better yet, do not make your account an administrator (if you need to, have another administrator account but use a normal account in your daily activities).
3. Always make sure you have a workstation firewall enabled. For Windows 7 users, do not disable UAC (Use Account Control) settings.
4. For domain environments: make sure proper GPOs on securing folders are in place. Some of the basics are: (a) do not allow changing of folder options; (b) do not allow sharing of system files; (c) no administrator access to all computers except local login; disallow escalated privileges/permissions/rights.
5. It is hard not to provide local IT with escalated privilege. If it is necessary, ensure that proper guidelines and audit mechanisms are in place.
*Special thanks to my friends who shared this with me, and helped me prove this procedure is viable.
Thanks for sharing this tip. As we say in IT security, "most of the hacks are done internally, whether intentionally or unintentionally".
ReplyDeleteI would suggest this article to all users of Skype.
Thanks Steven.
ReplyDeleteI don't understand this <-> what I need to change there?
ReplyDeleteHi Syber,
DeleteI was quite busy and forgot about this blog for a year. Replace <-> with the skype ID of the person. For Example, if you're skype ID is Syber, your windows user profile is e.mark and you are using Windows 7, go to: C:\Users\e.mark\AppData\Roaming\Skype\syber\chatsync
Hey Download Link is onfline please renew it thx
ReplyDelete