The reliance on Skype for communication between friends, family, colleagues and remote business partners seen significant of growth over the past few years, but there may be a stubborn endpoint security worry that many had not previously considered. Ars Technica reported that the Microsoft-owned videoconferencing service regularly scans user messages for signs of fraud which may log the results indefinitely, something that can only happen if the messages are let unencrypted in plain text format.
With the help of independent security researcher Ashkan Soltani, Ars Technica used the Skype service to send four links created for the purpose of the investigation of the security within the program. While two of the links were never clicked on, the other two beginning in HTTP and HTTPS individually, were viewed by a machine at an IP address belonging to Microsoft. This proves that the company has the ability to read plain text within encryption and regularly uses that ability, according to the website.
On one hand, Skype's security policy clearly notes that it may use automated scanning to identify spam and other forms of fraudulent messaging, Ars Technica points out. However, there is still a belief among many that Skype offers across-the-board encryption, meaning they would protect communications against unauthorized viewing. If the company is able to reach URLs transmitted between users, this is not the case and could lead down some dangerous paths as far as data security is concerned.
"The problem right now is that there's a mismatch between the privacy people expect and what Microsoft is actually delivering," Matt Green, a professor specializing in encryption at Johns Hopkins University, told Ars. "Even if Microsoft is only scanning links for 'good' purposes, say detecting malicious URLs, this indicates that they can intercept some of your text messages. And that means they could potentially intercept a lot more of them."
It will be up to each individual user and company as to whether they want to risk sending sensitive information over Skype's services.
Consumerization News from SimplySecurity.com by Trend Micro.