iSkoot Learns People Care About Security

If for some reason you enjoy draining your cellular minutes and your Skype credit simultaneously while making Skype calls from your S60 handset (even for calls to your Skype contacts!), you probably use iSkoot instead of the true MoIP solutions offered by fring. Ok that’s fine, we all have our crosses to bear. You might be interested to learn however, that a serious security flaw was recently uncovered in the way iSkoot transmits your credentials. To make a long story short, it forgoes all encryption and passes all information including user name and password data in the clear. Yikes! The discovery was made over the weekend by popular Nokia blogger Phoneboy, and evidence in the form of tcpdump records provided indisputable evidence. iSkoot promptly responded to the post and claimed that a “non-production version” of the S60 client had accidentally made its way onto its site for public download. It also insisted that versions other than the native S60 client were not affected. We’re not clear on why an internal test version was signed with a public certificate but whatever the case may be, iSkoot users with S60 handsets should probably seek an alternative solution until an update is issued; especially if public WiFi is used frequently while iSkooting.


View Comments