Home / Blogs

Skype as a Platform for Secure VPN Tunnels?

Dan York

Since Skype has an open client-side API, why not use it as a transport to tunnel VPN traffic and blow through firewalls to connect you to a remote system? That's the idea raised by Peeter P. Mõtsküla in his Skype Developer Blog entry: "Idea: skypetunnel". For instance, have a Skype client running on your home machine logged in as one account. Have Skype on your laptop on another account. Initiate a connection between the two of them and wind up with secure, encrypted access through the firewall from wherever you are. Being peer-to-peer, there would be no central servers or infrastructure required (outside the usual Skype p2p cloud.) This would require, of course, a yet-to-be-created "extra" that connected into the Skype client API and was installed on both systems… but that was the point of the article - to suggest that something like this could be done (and perhaps inspire someone to write one).

It's an interesting idea, although as one commenter noted, it has already been done in a p2p fashion by Hamachi. I don't know how large Hamachi's p2p cloud (i.e. userbase) is compared to Skype and whether or not that even makes a difference, but the point is that if you are already a Skype user, this would be a way to make use of your existing tools without using another tool.

This whole concept, though, is part of the side of Skype that is admittedly a bit scary for those of us in security, and specifically corporate security. The client-side API can be accessed by whatever extras a user installs. All Skype traffic is encrypted, naturally, so a corporate IT security person has no way to know what is going across that connection. Whatever the user installs and allows to access the API gets to use that encrypted Skype connection. If a user installs this fictional VPN Skype extra, the user could then access their corporate desktop from wherever they are - without going through the "approved" VPN gateways… and at the mercy of the security of that fictional VPN "extra". How well is that "extra" secured? Could someone else using the extra connect to your corporate desktop PC and initiate a VPN? What kind of authentication is part of it?

Yes, with Skype's business version, you can use Windows' registry settings to control access to the API, but this means that: a) the company would need to essentially "endorse" Skype usage by promoting the Skype for Business edition; and b) the company would need to somehow block all installations of the "regular" version of Skype. I guess I don't see that happening - yet - in many corporations. I expect they will probably continue to take the very black and white approach of attempting to block Skype entirely from their corporate LAN… or just ignoring the issue and letting Skype be installed if users do so. This latter case is where the Skype client API gets a bit scary.

We'll see. I agree with the article author that it's a rather logical extension of the Skype p2p cloud.... it will be interesting to see if someone does come up with a VPN "extra" for Skype.

By Dan York, Author and Speaker on Internet technologies. Dan is employed as a Senior Content Strategist with the Internet Society but opinions posted on CircleID are entirely his own. Visit the blog maintained by Dan York here.

Related topics: P2P, Security, Telecom, VoIP

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Influential Law Firms Have Become Early Adopters of '.law' TLD

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

Introducing the Verisign DNS Firewall

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Verisign iDefense 2015 Cyber-Threats and Trends

What's in Your Attack Surface?

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

3 Questions to Ask Your DNS Host About DDoS

Sponsored Topics