Skype 2.5's new stealth mode "cracked"

Stealth techniques introduced to make the latest version of Skype harder to detect and block, have been cracked only days after first featuring in the program.

Last week, P2P security specialist iPoque reported that the recently-announced beta of Skype 2.5 had changed its call setup in order to bypass the growing band of packet filtering systems aiming to stop the software running on company networks.

The company has now been able to reverse-engineer the work of Skype’s designers, but only by radically overhauling its detection procedure.

According to CEO Klaus Mochalski, Skype 2.5’s call setup no longer conformed to a small number of predictable patterns, which could be identified and filtered at packet level. The company’s PRX Traffic Manager now used a heuristic model as the basis of its filtering.

The reengineering of Skype is not merely a refresh, as the program has been randomised to make established pattern-matching techniques useless.

From running the Skype client and watching it attempt to set up connections many thousands of times, it had been possible to find a tell-tale pattern of packet lengths, timings, and small-scale packet consistencies that betrayed its presence.

“The hand-shaking at packet level has changed quite a bit,” he confirmed.

Once the call connection is established, of course, Skype’s encryption makes it impossible to block from other packet traffic, hence the need to stop it before this point.

“They (Skype) talk about new features but never about new stealth features.”

Mochalski suggested that Skype could one day become impossible to detect if the program integrated more advanced encryption into its make-up. Skype then would have to manage and distribute encryption keys, which the company would probably not want to do at this stage in the product's lifespan.