3S Labs Banner

Wednesday, May 9, 2012

Skype API ... and Security

For sometime, we have been working on techniques to record Skype voice calls in a reliable and non-intrusive manner. Previously there had been known techniques and public proof-of-concept codes that demonstrate Skype voice call recording via DLL Injection and hooking certain Sound API inside Skype process, however such techniques evidently will be far from being non-intrusive.

It turns out, since quite some time Skype is actually developer friendly. Among various SDKs which are not available freely and only available to partners, Skype provides a OLE COM interface freely through which it is possible to interact with the active Skype process via a valid and documented interface.

The OLE interface thus makes it trivial to setup OLE Event Handlers for notification on Voice Call initiation and termination along with setting up appropriate recording channels.

Using Skype4COM, scripting up a Skype Recorder is actually quite trivial:



All great so far, however such trivial Automation API does come with a risk of malware misuse. In order to avoid malwares misusing Skype OLE Automation Interface, Skype has implemented API Access Authorization by the user which basically pops up or displays a message to the user for authorizing a given application to use Skype API. The authorization process is actually a bit complex than simply asking for user authorization and is more or less discussed here.

As already discussed and proved here, such Access Control or Authorization is definitely not enough as it is not very difficult to simulate mouse events. With some effort we were able to develop a proof of concept code that can automate the API authorization process using FindWindow, mouse_event and SendMessage Win32 APIs. Apart from that, authorizing applications to use API based on executable hash only is probably not a good idea as it _might_ be possible to force a trusted application to perform malicious activities by using it as a shuttle for malicious code.

1 comment:

  1. Very interesting and informative article, it helped me to solve my old problem. I am so thankful, that in return I wanna share with u this nice service with skype latest version https://yepdownload.com/skype that I accidentally found out in the internet.

    ReplyDelete