Thursday23 March 2023

Skype Is No Longer A Secure Means Of Communication

Reading time is around minutes.
News manstealingdata

About two weeks ago we saw a random tweet that seemed to indicate that Microsoft had added in technology that would allow for easier spying on Skype conversations. Right after this a tweet on the YourAnonNews feed seemed to indicate that the “bug” that was accidentally sending some conversations to random members of your contact list was related to the new “feature”. There was a much more ominous tweet about an hour later that claimed Skype had been hacked and the source code downloaded. Although we never were able to confirm the relationship to the bug and the reworking of supernodes to switch to Microsoft run servers, we did find out that the released code was not the official source code, but a posting of a decompiled version of the Skype application; still useful if you wanted to look for an exploit, but not the original source code to be sure.

Still we have to wonder about the original claims that the use of the new Microsoft owned supernodes will enable Microsoft to spy on conversations and also make the previously secure P2P messaging and VoIP network vulnerable to attack. Questions sent to Microsoft about this change are getting responses like; “Skype cooperates with law enforcement agencies as much as is legally and technically possible”. This does not answer the question at all and has left many worried about the security of the service.  Do your calls and messages now go through the Microsoft run supernodes? According to a response sent to CNN they do not.

Skype claims that the supernodes are only used to allow users to find one another. However some feel this is not completely true and that all routes lead to Microsoft in the new infrastructure. This would seem to reference the issue that popped up and was fixed by Skype a couple of weeks ago.  If the claims are right then communication between users has reached a completely new level of insecurity when it comes to privacy. Microsoft will have turned Skype into an open door for law enforcement. They will now have access to central routing servers and the encryption keys that guard the conversations.

This would be in stark contrast to the traditional Skype infrastructure where your conversations were point to point through the encrypted Skype network. It was considered the most secure messaging and VoIP network by many and has over 254 Million users at last count. It seems that in some cases it would not take much to push a Skype call through a supernode. All you have to do is block UDP packets and the system will default to a TCP connection might requires transmission through a supernode. It would be very simple to force this on Skype’s end or at a point in the middle.

Right now many are stating that Skype is simply no longer secure. The Electronic Frontier Foundation says that Skype is no longer to be used as a secure means of communication. It is likely that governments now have the means to tap conversations and messaging sessions. We have to agree with them and will add that this extends to Microsoft’s own Live Messenger application that Microsoft has been admitted is monitored for offending content and links. We are guessing that Skype will be the next phase in this and the move to bring the supernodes in-house is only the first steps. Once they have control of the directories and user routing they can do quite a bit to piggy back on conversations and also to identify who is connected to who.

The move also opens up the service to attack as now the servers are located in one spot. The claim that the Supernodes are in “secure” data centers is something of a joke as hackers have shown more than once this year. So now your calls, messages contact lists and more might be accessible to law enforcement agencies and to hackers. Skype needs to come clean and let their users know exactly what is going on here before they start leaving and move to another service. Well considering Microsoft killed off the second best online ad company, we guess they are now working hard to kill off Skype…

Discuss this in our Forum

Last modified on Tuesday, 24 July 2012 19:59

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.