Is Skype secure enough to discuss matters of a personal nature? Is it safe to conduct business meetings and share confidential information over Skype? Does Skype maintain confidentiality in conversations? With 700 million users worldwide, Skype is widely regarded as the “Big Daddy of Internet Telephony” and is arguably the most popular free online phone and chat service on the web. Then why am I so concerned about the security and privacy aspects of Skype?
A recent report from Privacy International, a human rights watchdog on intrusion by government and corporations on personal privacy, suggests Skype’s security vulnerabilities could put the lives of those using it in repressive regimes in danger. Skype on its part says it takes appropriate organizational and technical measures to protect information within its control with due observance of the applicable obligations and exceptions under the relevant law.
Why, then, this sudden fuss about Skype’s security vulnerabilities? Let’s find out.
Privacy International says Skype needs to get house on in order on several aspects. First, Skype’s reliance on full names rather than unique user names poses a massive threat of impersonation. So, I can register on Skype as Tony Clement, Barack Obama or even Trish Stratus :). While that’s doable on most social networks as well, Twitter and Facebook offers verified accounts as well as a mechanism to report fake profiles.
In the past, Skype has often been under fire as users are often bombarded with unsolicited requests to communicate by spammers and scammers. When I receive a request via Skype to communicate with someone using a familiar name, I have no way of knowing if that person is an impostor or genuine. Surely, it’s high time for Skype to add an extra security check for new contacts.
The report says that Skype users are facing a looming threat of downloading trojan-infected version of Skype, leaving users exposed to interception, impersonation and surveillance. Perhaps, there are lessons to be learnt by the recent malware invasion on on third-party Android app stores.
The report also questions Skype’s decision to use VBR audio compression codec, especially when its security vulnerabilities are an openly documented secret. A recent research at the University of North Carolina indicates that with VBR, phrases can be identified, thereby making it prone to snooping and phishing attacks.
PI is calling on Skype to act quickly to resolve these problems in order to protect its users. Skype says the privacy group had not directly raised the issues with it, but added that it would be looking into its report. I, for one, hope Skype does so sooner than later. After all, the security of 700 million users (including yours truly) is at stake. What do you think?