Privacy Group Says Skype Users Vulnerable
The group said it had concerns about the free communication service’s overall level of security having reviewed its technology and policies.
It cited a number of issues, including Skype’s use of arbitrary profile names on its contacts lists, which it says makes it easy to impersonate users and introduces substantial security risks, and called on Skype to respond urgently.
Skype has around 700m users worldwide, including at least 20m in China and an unknown number in the Middle East.
Privacy International’s Human Rights and Technology Advisor, Eric King, said: “Skype’s misleading security assurances continue to expose users around the world to unnecessary and dangerous risk. It’s time for Skype to own up to the reality of its security and to take a leadership position in global communications.”
Privacy International also said: “Skype has always proclaimed that it provides a secure method of communication. Hundreds of millions of people have chosen to use Skype, often on the basis of this assurance”.
“Many of Skype’s users live in troubled areas of the world, where such assurances may carry life or death consequences. Privacy International has a responsibility to ensure that Skype’s claims are substantiated.”
One of the main concerns includes the failure to provide secure connections, through HTTPS, which allows third parties to tamper with downloads.
The privacy group alleges that China, for example, has been known to produce its own trojan-infected version of Skype, leaving users exposed to interception, impersonation and surveillance. It said given that Facebook, GMail and Twitter offer this level of protection, Skype should also enable such protection.
The VBR audio compression codec used by Skype can also be identified with an accuracy of 50-90% regardless of how it is encrypted, said the group.
The group said currently, adversaries can find ways to defeat Skype’s security, and has called on Skype to respond to this precarious and regrettable situation.
Skype has not yet responded to the points raised by Privacy International, but said it takes issues seriously and aims to provide users with the best possible levels of privacy and security.