It is not surprising to see how Skype has become a huge success since its launch in 2003. After all, it has revolutionized the way people are connected over geographical distances. According to Microsoft, which acquired Skype in 2011 for a whopping $8.5 billion, about 300 million people across the globe actively use the messaging software every month. It may be rivaled by Facebook Messenger and WhatsApp, but Skype remains a significantly important service for many.
Skype continues to be popular among a wide range of users—from grandmothers reaching their globetrotting grandchildren to telecommuters working for companies offshore. Needless to say, security is a huge factor for many of this software’s users. We’ve been hearing news about various Skype privacy issues, but how accurate are they? Should you be alarmed?
Is Skype Private?
There are two options for Skype:
- Skype for Consumers (Skype-C)
- Skype for Business
If your company uses this software for internal communication, the latter is always the ideal option. However, how can you be sure that there would be no security issues with Skype for Business?
When Microsoft implemented an update from Lync, Skype for Business users were able to add regular Skype-C contacts. On the other hand, that doesn’t mean that the conversations between these two types of accounts are private. It is worth noting that while the user has control over their Skype for Business account, they do not have jurisdiction over the messages transmitted to Skype-C accounts.
Skype Encryption Technology
One important thing to add is that Skype claims it uses encryption technology to secure “all Skype-to-Skype voice, video, file transfers and instant messages.” To put it another way, even Skype-C users can rest easy knowing that malicious users won’t be able to eavesdrop on their conversations. If you’re using the consumer version, every call you make is protected by a unique 256-bit AES encryption key.
According to Skype, the session key lasts within the duration of the communication and for a fixed time afterward. The session key is transmitted to the other person you are calling, and it is used to encrypt the messages in both directions.
It is true that calls within the Skype network are encrypted. However, there are some loopholes to this service. For instance, many people use Skype to contact landlines or mobile phones. They take advantage of this feature due to the low rates, especially for overseas calls. If you use this platform for the same purpose, the part of your conversation that takes place over the ordinary phone network (PSTN) is not encrypted. This means that if you’re making a group call and one of the users is on PSTN, the PSTN’s end is not encrypted.
Skype Records Conversation Histories
It is worth mentioning that while Skype does not record the calls, the company saves details about these conversations and stores them in a ‘history’ file on the user’s device. This isn’t necessarily a problem, but you should be concerned about the security of your smartphone, computer, or tablet. When your device gets compromised, the attacker will be able to access its contents.
How This Applies to Skype for Business
Skype servers are run by Microsoft. With that said, the tech giant does incorporate a comprehensive set of legal privacy terms. Microsoft lays out how they protect Skype users’ information, detailing how they use it.
This is where you should be concerned about the existence of security issues with Skype for Business. Most people already know that Microsoft has been monitoring user activities. According to the company, they use the data that they gather to improve their services while working with their partners (hence, the ads you see).
However, an Ars Technica investigation discovered that Microsoft computers can access webpages transmitted via Skype. These were previously-unseen pages that should have remained private. In the investigation, a security researcher sent specially-crafted URLS over Skype’s IM system. Such discovery debunks the claims that the company made in 2007. They said that even they could not wiretap conversations because of the complex peer-to-peer network connections and the strong encryption.
With that said, if you’re using Skype for Business in transmitting highly private information, you should be concerned. Let’s say you’re using the platform to share details about a new project and the other user is on Skype-C. You send this person a message with the staging URL in it and you mention that this link shouldn’t be shared around because there’s proprietary information on it. Even if you think that the message is encrypted, the privacy you thought you had has been compromised by Microsoft. After all, you wouldn’t be able to secure the Skype-C user’s side of the conversation.
Skype’s Vulnerability to Malware
Another key thing to remember is that Skype has been discovered to be vulnerable to malware. Such malware was designed to monitor videos and calls over Skype. In 2016, Palo Alto Networks researchers learned that the malware T9000 had been specifically targeting Skype users.
It is true that the user has to give explicit permission to the malware to access Skype. However, it creates a convincing disguise so that the user does not know that it is malicious. As such, there is a possibility that the user will allow the access, unknowingly letting the malware in their Skype account. Once activated, it will record audio calls, video calls, and chat messages.
What you Can do to Protect your Privacy
On the technical side, there are only a few things you can do to protect your privacy while you’re using Skype for Business. Your best bet is to be vigilant and to be aware of the policy limitations. Here are some of the things we recommend you should do:
- Carefully limit the number of Skype-C contacts you add.
- Be aware of the Skype for Business privacy relationships. It is essential to read this clause:
“Note: By default all external contacts, either personal or federated, will be assigned the External Contacts privacy relationship, which will share your name, title, email address, company, and picture. These contacts will not be able to view your Presence Note. Assigning external contacts to other privacy relationships, for example Work Group, Friends and Family, and so on, will allow them to see your Presence Note and could inadvertently share information that should not be disclosed to them.”
- If you need to communicate with a Skype-C user, make sure that they incorporate certain privacy settings that will secure their account.
- Install and take advantage of the features of Auslogics Anti-Malware. This tool will detect malicious items that may compromise your Skype for Business account.
Do you think there are other ways you can keep your Skype for Business account protected?
Let us know in the comments below!