iSkoot Transmits Your Data In The Clear

Reading time ~1 minute

Various people are thinking that Skype Mobile is basically an unbranded iSkoot, which does the same thing in much the same way. Generally speaking, they seem to do the same thing, but they do it very differently. Packet traces don't lie.

I loaded up iSkoot on my Nokia N95 and accessed the iSkoot service via WiFi. I did this so I could capture what the iSkoot client was sending out so I could see the difference. And oh, boy was it different--different enough that I would think twice about using iSkoot.

First of all, Skype appeared to use a TCP connection on a non-standard port. Fine with me. I looked at the raw packets generated by Skype Mobile and saw an opaque blob--exactly what I expected to see.

iSkoot uses TCP port 80--the same port used by HTTP, the lingua franca of downloading web pages. It sends various things as a series of HTTP GET calls. The scary part of this that your text chat messages--and lots of other interesting information, including your Skype credentials--is being transmitted in the clear. That's right, iSkoot takes all that perfectly good encryption that Skype employs and throws it out the window. For no good reason.

Until iSkoot fixes this problem--and it would be very easy for them to do so (ever hear of SSL?)--I cannot in good conscious recommend using iSkoot.

UpdateIssue is resolved in their latest Symbian/S60 client.

A Couple Decades (And Change) of Working From Home

When the Covid-19 pandemic was declared in March of 2020 and most everyhigh-tech business became "all remote all the time" literally over...… Continue reading

Some Things Never Change at Palo Alto Networks

Published on October 20, 2020

My Two Check Point Decades

Published on February 01, 2019