• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Cloud Computing   »   Skype’s encryption features come up short

Skype’s encryption features come up short

  • Posted on:May 29, 2013
  • Posted in:Cloud Computing, Current News, Cybercrime, Privacy & Policy
  • Posted by:
    Trend Micro
0

The reliance on Skype for communication between friends, family, colleagues and remote business partners seen significant of growth over the past few years, but there may be a stubborn endpoint security worry that many had not previously considered. Ars Technica reported that the Microsoft-owned videoconferencing service regularly scans user messages for signs of fraud which may log the results indefinitely, something that can only happen if the messages are let unencrypted in plain text format.

With the help of independent security researcher Ashkan Soltani, Ars Technica used the Skype service to send four links created for the purpose of the investigation of the security within the program. While two of the links were never clicked on, the other two beginning in HTTP and HTTPS individually, were viewed by a machine at an IP address belonging to Microsoft. This proves that the company has the ability to read plain text within encryption and regularly uses that ability, according to the website.

On one hand, Skype's security policy clearly notes that it may use automated scanning to identify spam and other forms of fraudulent messaging, Ars Technica points out. However, there is still a belief among many that Skype offers across-the-board encryption, meaning they would protect communications against unauthorized viewing. If the company is able to reach URLs transmitted between users, this is not the case and could lead down some dangerous paths as far as data security is concerned.

"The problem right now is that there's a mismatch between the privacy people expect and what Microsoft is actually delivering," Matt Green, a professor specializing in encryption at Johns Hopkins University, told Ars. "Even if Microsoft is only scanning links for 'good' purposes, say detecting malicious URLs, this indicates that they can intercept some of your text messages. And that means they could potentially intercept a lot more of them."

The scanning may happen as these messages are sent through supernodes, Ars said, but either way, Solanti noted that this confirms that the company and program can read content. Even if it is not known where this information is read, the privacy policy of the program is quite clear that it is allowed to do this.

"Skype will retain your information for as long as is necessary to: (1) fulfill any of the Purposes (as defined in article 2 of this Privacy Policy) or (2) comply with applicable legislation, regulatory requests and relevant orders from competent courts," the company's website said.

It will be up to each individual user and company as to whether they want to risk sending sensitive information over Skype's services.

Consumerization News from SimplySecurity.com by Trend Micro.

Related posts:

  1. Wall Street has data security concerns over Bloomberg reporting
  2. Malicious worm exploits Skype API to target Windows users
  3. Report: US cybersecurity intelligence falling short
  4. Security in backups means more than just encryption

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.