[Full-disclosure] Skype v. 5.x.x - information disclosure

2012-02-13 Thread Osama Bin Error
Title:
======
Skype v. 5.x.x - information disclosure

Date:
=====
2012-02-13

Introduction:
=============
Skype is a proprietary voice-over-Internet Protocol service and
software application.

Abstract:
=========
We have discovered improper handling of chat logs, which leaves the
logs accessible even if the user has enabled the "no history" option in
the "Keep history for" setting, or has even destroyed the history
manually with the "Clear history" button.

Report-Timeline:
================
2012-02-13: Public Disclosure

Status:
=======
Published

Exploitation-Technique:
=======================
Local

Severity:
=========
Low

Details:
========
As mentioned in the Skype FAQ
(https://support.skype.com/en-gb/faq/FA140/Managing-your-privacy-settings-Windows):
You can choose how long to keep your conversation history for, or
delete it altogether.
1. To change your history settings, in Skype from the menu bar click
Skype > Privacy.
2. Below Keep history for, click on the drop-down list and select the
amount of time you would like your history to be saved for.
Choose from forever, 3 months, 1 month, 2 weeks or no history at all.
3. To delete your conversation history, click Clear history. This
removes your entire history, including instant messages, calls,
voicemails, text messages, sent and received files. If you delete your
conversation history, you cannot recover it.

This sounds safe, but in fact Skype stores all incoming and outgoing
chat messages in a local sqlite3 DB (file main.db, table Messages), in
plain text. Even if the "Keep history for" -> "no history" option in
Settings -> Security is enabled, Skype writes all your data into the
Messages table, but executes "delete * from Messages" after program
exit. This command destroys the messages at the logical level in the
DB, but in fact, at the physical level all message data stays alive
(blocks in the DB file are only marked as destroyed), and can simply be
recovered even with a text editor (as mentioned above, it is stored in
plain text).

Proof of Concept:
=================
In Windows XP, go to
C:\Documents and Settings\%user name%\Application Data\Skype\%Skype user name%
and open the file main.db with a text editor. All the ducks inside.

Credits:
========
Anonymous

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
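
The behaviour described in the advisory above, reproduced on a throwaway database as an added example (not part of the original post and not Skype's code): a plain DELETE leaves row content in SQLite's free pages, while `PRAGMA secure_delete = ON` or a `VACUUM` removes it. The table name `Messages` is from the post; the `body` column and the marker string are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile

# Constructed sample message text; not real chat data.
MARKER = b"constructed-secret-chat-line"


def residue_after_delete(secure_delete: bool, vacuum: bool = False) -> bool:
    """Insert rows, delete them all, and report whether the message text
    is still present in the raw bytes of the database file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        con = sqlite3.connect(path)
        # Set explicitly: some SQLite builds enable secure_delete by default.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        # Hypothetical schema; only the table name comes from the advisory.
        con.execute("CREATE TABLE Messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO Messages (body) VALUES (?)",
            [(f"{MARKER.decode()} #{i}",) for i in range(200)],
        )
        con.commit()

        # Logical deletion: pages move to the freelist. They are only
        # zeroed when secure_delete is ON.
        con.execute("DELETE FROM Messages")
        con.commit()
        if vacuum:
            # Rebuilds the file without the free pages.
            con.execute("VACUUM")
        remaining = con.execute("SELECT COUNT(*) FROM Messages").fetchone()[0]
        con.close()
        assert remaining == 0  # SQL no longer sees any rows

        with open(path, "rb") as fh:
            return MARKER in fh.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("plain DELETE leaves text in file:   ", residue_after_delete(False))
    print("secure_delete=ON leaves text:       ", residue_after_delete(True))
    print("DELETE followed by VACUUM leaves it:", residue_after_delete(False, vacuum=True))
```

This checks only the main database file; copies of old pages in journal files or in unallocated disk space are outside what these settings control.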


Re: [Full-disclosure] Skype v. 5.x.x - information disclosure

2012-02-13 Thread Mario Vilas
Good find. I think it should also be possible to disable the
delete * command with triggers, as a nice way to backdoor the database
(almost non-intrusive compared with installing rogue plugins, and the
user isn't likely to ever find out).

On Mon, Feb 13, 2012 at 11:25 AM, Osama Bin Error oer...@gmail.com wrote:
-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”