FOSS Hacker's Reverse-Engineering Has Skype Seething
Skype is hopping mad after a hacker reverse-engineered part of its code and posted the results on the Internet. Efim Bushmanov says he intends to make Skype open source, but company officials have implied he may be threatening the security of their product. It's unclear whether any legal action is in the works.
Skype's code has been hacked and its innards published on the Web by Efim Bushmanov, a self-described freelance researcher in the tiny Komi Republic, about 870 miles from Moscow.
His aim, he said, was to make Skype open source.
Another goal: to find "friends who can spend many hours for completely reverse it" because he hadn't finished the task.
The move has Skype fuming.
"We are taking all necessary steps to prevent or defeat nefarious attempts to subvert Skype's experience," said spokesperson Sravanthi Agrawal.
"Skype takes its users' safety and security seriously, and we work tirelessly to ensure each individual has the best possible experience," Agrawal continued.
The connection between Bushmanov's publishing of his files on the Web and subverting Skype's experience is not clear.
However, perhaps it's all a storm in a teacup and Bushmanov merely wanted publicity.
What Bushmanov Did
Bushmanov's announcement earlier this month about having reverse engineered Skype's protocols raised questions.
He offered "send message to Skype" code that he admitted was based on the old Skype version 1.4 protocol, which has been changed, and said he had done much of the work for versions 1.x, 3.x and 4.x of the Skype protocols.
Part of the code and the decrypted binaries were obtained from VEST Corp., which clearly states the code is for academic research and educational purposes only and warns that it will prosecute anyone who uses the code in their product for copyright infringement.
On June 3, Bushmanov blogged that the "send message to Skype" code published on his blog is essentially useless.
"It will not work at all on any 5.x Skype and will not work for 3.x or 4.x without new login certificate," he wrote. These certificates are issued by Skype's login server when users sign on.
Bushmanov outlined two methods to get the certificates, both of which don't work. He'll try to patch Skype 4.x to dump credentials into a log file, but he doesn't seem to be sure what the outcome will be.
It's not yet clear whether or not Skype will actually sue Bushmanov, despite its fulminations.
However, Skype might have legal grounds to target either Bushmanov or anyone who uses his work.
"Just because someone posts the text of a Harry Potter book on the Web doesn't mean anyone else who copies it won't get sued for copyright infringement," Rob Enderle, principal at the Enderle Group, pointed out.
"This doesn't affect ownership and might actually make it easier to prove infringement," Enderle told LinuxInsider.
The code may infringe on patents held by Skype, warned Al Hilwa, a research director at IDC.
"The assumption here is that what was posted is something that is like Skype, but not the Skype code itself," Hilwa told LinuxInsider. "If anyone involved in the reverse engineering had access to the original at some point, then there is probably a lawsuit in the works."
Several weeks ago, Microsoft bid $8.5 billion in cash for Skype.
"While the regulatory review process is under way, Microsoft and Skype continue to operate independently," Microsoft spokesperson Laura Jones told LinuxInsider. "You'll need to check in with Skype on the situation."
Everyone Gets 15 Seconds
Perhaps Bushmanov's "hack" is really a publicity stunt.
"ROFL I become famous," he posted on his blog Sunday, after listing an interview he had with the editor of East-West Digital News and the resulting article.
Bushmanov set up his blog on Google's Blogger this month. He has only five posts on the blog so far.