Is Skype Safe and Secure? What are the Alternatives?

Без кейворда

When Skype launched on twenty nine August 2003, it is fair to say that it was one of the most significant moments in the history of communication. As hyperbolic as it may seem to equate the launch of Skype with the invention of the printing press by Johann Gutenberg in 1450; the very first long distance phone call made in one thousand eight hundred eighty four or the very first mobile phone call made in 1973, there is no question that Skype revolutionised the way the world was connected and heralded an era where geographical distance no longer meant being incapable to see and talk to your friends and family.

Unsurprisingly Skype was a hefty success and since it was launched it has grown quickly and according to the latest figures from Microsoft — which bought Skype for $8.Five billion in two thousand eleven — there are three hundred million people around the world actively using the service every month, and while other services like WhatsApp and Facebook Messenger (which both suggest similar services) have grown fatter in terms of user numbers, Skype is still a hugely significant service for people around the world.

Considering its popularity among all strata of society from grandmothers attempting to contact their grandchildren travelling the world to activists seeking to contact journalists on the other side of the globe, security is obviously a hugely significant factor for a lot of its users.

The ordinary response is not indeed, but there are a lot of things to consider before you determine if Skype is a safe enough platform for you. Here will we walk you through how Skype works, what the service claims about its security and what we know about vulnerabilities to that system. We will also look at five alternative services which suggest better security and could substitute Skype as your primary Voip contraption.

Skype is a service which permits smartphone, tablet and PC users around the world to communicate with fellow Skype users via movie or voice. The service also permits Skype users to connect via voice with landlines and mobile phones for a fee. The service also has a built-in instant messaging and file transfer features.

The system requires users to download a chunk of software to use the service and is available on Mac and Windows PCs, as well as apps for iOS and Android devices.

What Happens When I Register?

When you set up a Skype account your username and password are stored both on the device you create the account on and on Skype’s servers. This is done to permit for call recipients to be authenticated and to assure that callers seeking authentication are accessing a Skype server rather than an impostor.

According to Skype’s own website: “All Skype-to-Skype voice, movie, file transfers and instant messages are encrypted. This protects you from potential eavesdropping by malicious users.” For each call you make, your Skype client creates a unique 256-bit AES encryption key for that session. This session key exists as long as communication proceeds and for a immovable time afterward, according to the company. When you place a call, Skype transmits the session key to the person you are calling and that session key is then used to encrypt messages in both directions.

But Not Everything Is Encrypted

While Skype-to-Skype calls are encrypted, if you use Skype to call mobile phones or landlines (which many people do in order to take advantage of much lower rates, especially to overseas numbers) the part of your call that takes place over the ordinary phone network (PSTN) is not encrypted. For example, in the case of group calls involving two users on Skype-to-Skype and one user on PSTN, then the PSTN part is not encrypted, but the Skype-to-Skype portion is.

Skype Records Your History

By default Skype will record details about all calls (however not the calls themselves) and store them in a “History” file which resides on the user’s device. While this in and of itself is not a problem, if the security of your computer, smartphone or tablet is compromised then the attackers will be able to access its contents.

However, all these issues are rendered somewhat pointless in light of several latest revelations.

In two thousand thirteen an Ars Technica investigation found that Skype “regularly scans message contents for signs of fraud, and company managers may log the results indefinitely. And this can only happen if Microsoft can convert the messages into human-readable form at will.”

Part of the investigation which witnessed a security researcher create specially crafted URLs which were sent over Skype’s IM system, counters Skype’s claims made in two thousand seven that it couldn’t conduct wiretaps because of strong encryption and sophisticated peer-to-peer network connections.

Just a duo of months later, Skype claims that all encrypted communications couldn’t be spied upon were further eroded by revelations made by Edwards Snowden which demonstrated that the National Security Agency had widespread access to voice and movie calls on the service which were presumed to be encrypted. Skype began working with the NSA in two thousand eleven before it was acquired by Microsoft but in latest years the amount of information being collected has tripled and now includes movie.

Prior to Snowden’s revelations, in March 2013, Jeffrey Knockel, a computer-science graduate student at the University of Fresh Mexico, exposed that the special version of Skype which Chinese users are coerced to use — known as TOM Skype — was permitting the Chinese government to gather information on its users including information about their political beliefs, as well as censoring what they can say to one another.

In May of the same year, well-regarded Russian publication “Vedomosti” reported that both the national security agency and the police are able to tap Skype conversations without even filing a court order.

But the issues don’t stop at governmental spying. Skype has also been shown to be vulnerable to malware designed to monitor your calls and movies.

As recently as February two thousand sixteen researchers at Palo Alto Networks exposed that a chunk of malware called T9000 was specifically targeting Skype users. Once installed the software can record Skype movie and audio calls, and upload them along with text talks to a server. There is a caveat however. Even with the malware installed, the user must still give explicit permission for it to access Skype, however it masks the request so the user doesn’t know it’s malicious. “The victim must explicitly permit the malware to access Skype for this particular functionality to work. However, since a legitimate process is requesting access, the user may permit this access without realising what is actually happening. Once enabled, the malware will record movie calls, audio calls and talk messages,” the researchers said.

Sophisticated malware like T9000 has been designed to bypass all the most popular antivirus software, and while it is certainly better to have some antivirus on your PC, it is not a finish solution. One significant thing to note is that you should have your operating system up to date, so that any known vulnerabilities will be patched. If you are using Windows Ten, then you can configure security settings to install updates automatically. If you are using Skype on Mac OS X then you can feel somewhat safer due to the fact there are no known malware which targets Skype on Apple's computers.

As well as being targeted by malware, Skype has also been used to attempt and distribute malware. Security hard F-Secure recently exposed that criminals were posing as U.S. officials suggesting help to Swiss nationals seeking to find information on how to file for visas to visit the United States. Skype has previously been used to distribute adware.

Finding Users IP Numbers

Another issue afflicting Skype, and one which has been there since 2010, is the capability to find out someone’s IP address simply by knowing their Skype username. There are dozens of services called Skype Resolvers online which will give you the IP address simply by plugging in the username of the person you are seeking information about.

While an IP address in-and-of itself may not be hugely valuable, it could be used together with other individual information against someone. One workaround to this is to use a VPN to hide your real IP address.

All-in-all it is safe to say that if you are looking to share market-sensitive information, talk national secrets or even just share individual and valuable information with family and friends, Skype is not the most bulletproof chunk of software on the planet. Here are five alternatives which promise a more secure connection.

Built in the post-Snowden reality of mass government surveillance, Tox is a peer-to-peer messaging service which also provides the option for movie calling that offers end-to-end encryption. The project states it aims to provide secure yet lightly accessible communication for everyone.

Among the features which Tox boasts about on its website is the protection of your metadata (such as your IP address etc) from everyone except your authorised friends and making your identity unlikely to spoof without the possession of your private private key, which never leaves your computer.

There is the added benefit of Tox being fully free and without any annoying ads to divert you. The downside of this open source software of course is that the interface is not as slick as Skype’s and there are not as many features. While there is an Android version available on Google’s Play Store, the iOS version is still in beta and only available through Apple’s TestFlight service.

Ring is a free lump of software permitting users make audio or movie calls, in pairs or groups, and to send messages “safely and loosely, in confidence.”

Developed as an open source project by a community of worldwide developers, it is available on Windows, Mac OSX, Linux and Android, tho’ not on iOS at the moment. The developers say no individual information is ever stored on a central server making it “impossible to create files on users.”

If movie is not a necessity then Signal, the talk and voice calling app from Open Whisper Systems, is very likely the most secure service available.

Used by the likes of Snowden, security accomplished Bruce Schneier and renowned cryptographer Matthew Green, the app is available on both iPhone and Android. It permits users to use their own phone numbers and contact books, while encrypting end-to-end the messages and calls you make, including test, picture and movie messages.

Open Whisper Systems is a large community of volunteer open source contributors funded by grants and donations, meaning the app itself is free and without ads.

In development since before Skype was launched, Linphone is an open source service for voice and movie calling as well as text messaging promising end-to-end encryption for all.

Just like Skype the smartphone app is available on Android, iOS, Windows Phone as well as clients for Windows, Linux and Mac OS X. There is the capability to treat numerous calls at once; pause, resume and transfer calls; and you can even merge calls if you want to talk in a group.

For desktop users there is no need to download any software, just log onto the website, connect and begin talking. For smartphones there are iOS and Android apps, but the process is much the same.

Talky is developed by a petite US software and design company called &yet. In relation to privacy and security, the company says: “We’re not here to sell ads based on your conversations, resell information about you, or keep track of what you do online.”

As well as encrypting all the voice and movie conversations inbetween the two sides of the call, the service encrypts all the set-up, call control, and rip down information that your computer sends to the company’s servers — meaning no meta data will leak. While the group calls are slightly less secure, Talky does make it very difficult for anyone to decrypt the content of any calls by storing the encryption keys only in memory or the communications bridge it uses which is the same as it does for voice and movie calls.

Is Skype Safe and Secure? What are the Alternatives?

Без кейворда

When Skype launched on twenty nine August 2003, it is fair to say that it was one of the most significant moments in the history of communication. As hyperbolic as it may seem to equate the launch of Skype with the invention of the printing press by Johann Gutenberg in 1450; the very first long distance phone call made in one thousand eight hundred eighty four or the very first mobile phone call made in 1973, there is no question that Skype revolutionised the way the world was connected and heralded an era where geographical distance no longer meant being incapable to see and talk to your friends and family.

Unsurprisingly Skype was a big success and since it was launched it has grown quickly and according to the latest figures from Microsoft — which bought Skype for $8.Five billion in two thousand eleven — there are three hundred million people around the world actively using the service every month, and while other services like WhatsApp and Facebook Messenger (which both suggest similar services) have grown thicker in terms of user numbers, Skype is still a hugely significant service for people around the world.

Considering its popularity among all strata of society from grandmothers attempting to contact their grandchildren travelling the world to activists seeking to contact journalists on the other side of the globe, security is obviously a hugely significant factor for a lot of its users.

The elementary response is not indeed, but there are a lot of things to consider before you determine if Skype is a safe enough platform for you. Here will we walk you through how Skype works, what the service claims about its security and what we know about vulnerabilities to that system. We will also look at five alternative services which suggest better security and could substitute Skype as your primary Voip contraption.

Skype is a service which permits smartphone, tablet and PC users around the world to communicate with fellow Skype users via movie or voice. The service also permits Skype users to connect via voice with landlines and mobile phones for a fee. The service also has a built-in instant messaging and file transfer features.

The system requires users to download a chunk of software to use the service and is available on Mac and Windows PCs, as well as apps for iOS and Android devices.

What Happens When I Register?

When you set up a Skype account your username and password are stored both on the device you create the account on and on Skype’s servers. This is done to permit for call recipients to be authenticated and to assure that callers seeking authentication are accessing a Skype server rather than an impostor.

According to Skype’s own website: “All Skype-to-Skype voice, movie, file transfers and instant messages are encrypted. This protects you from potential eavesdropping by malicious users.” For each call you make, your Skype client creates a unique 256-bit AES encryption key for that session. This session key exists as long as communication proceeds and for a immovable time afterward, according to the company. When you place a call, Skype transmits the session key to the person you are calling and that session key is then used to encrypt messages in both directions.

But Not Everything Is Encrypted

While Skype-to-Skype calls are encrypted, if you use Skype to call mobile phones or landlines (which many people do in order to take advantage of much lower rates, especially to overseas numbers) the part of your call that takes place over the ordinary phone network (PSTN) is not encrypted. For example, in the case of group calls involving two users on Skype-to-Skype and one user on PSTN, then the PSTN part is not encrypted, but the Skype-to-Skype portion is.

Skype Records Your History

By default Skype will record details about all calls (tho’ not the calls themselves) and store them in a “History” file which resides on the user’s device. While this in and of itself is not a problem, if the security of your computer, smartphone or tablet is compromised then the attackers will be able to access its contents.

However, all these issues are rendered somewhat pointless in light of several latest revelations.

In two thousand thirteen an Ars Technica investigation found that Skype “regularly scans message contents for signs of fraud, and company managers may log the results indefinitely. And this can only happen if Microsoft can convert the messages into human-readable form at will.”

Part of the investigation which witnessed a security researcher create specially crafted URLs which were sent over Skype’s IM system, counters Skype’s claims made in two thousand seven that it couldn’t conduct wiretaps because of strong encryption and sophisticated peer-to-peer network connections.

Just a duo of months later, Skype claims that all encrypted communications couldn’t be spied upon were further eroded by revelations made by Edwards Snowden which displayed that the National Security Agency had widespread access to voice and movie calls on the service which were presumed to be encrypted. Skype began working with the NSA in two thousand eleven before it was acquired by Microsoft but in latest years the amount of information being collected has tripled and now includes movie.

Prior to Snowden’s revelations, in March 2013, Jeffrey Knockel, a computer-science graduate student at the University of Fresh Mexico, exposed that the special version of Skype which Chinese users are coerced to use — known as TOM Skype — was permitting the Chinese government to gather information on its users including information about their political beliefs, as well as censoring what they can say to one another.

In May of the same year, well-regarded Russian publication “Vedomosti” reported that both the national security agency and the police are able to tap Skype conversations without even filing a court order.

But the issues don’t stop at governmental spying. Skype has also been shown to be vulnerable to malware designed to monitor your calls and movies.

As recently as February two thousand sixteen researchers at Palo Alto Networks exposed that a lump of malware called T9000 was specifically targeting Skype users. Once installed the software can record Skype movie and audio calls, and upload them along with text talks to a server. There is a caveat however. Even with the malware installed, the user must still give explicit permission for it to access Skype, however it masks the request so the user doesn’t know it’s malicious. “The victim must explicitly permit the malware to access Skype for this particular functionality to work. However, since a legitimate process is requesting access, the user may permit this access without realising what is actually happening. Once enabled, the malware will record movie calls, audio calls and talk messages,” the researchers said.

Sophisticated malware like T9000 has been designed to bypass all the most popular antivirus software, and while it is certainly better to have some antivirus on your PC, it is not a finish solution. One significant thing to note is that you should have your operating system up to date, so that any known vulnerabilities will be patched. If you are using Windows Ten, then you can configure security settings to install updates automatically. If you are using Skype on Mac OS X then you can feel somewhat safer due to the fact there are no known malware which targets Skype on Apple's computers.

As well as being targeted by malware, Skype has also been used to attempt and distribute malware. Security hard F-Secure recently exposed that criminals were posing as U.S. officials suggesting help to Swiss nationals seeking to find information on how to file for visas to visit the United States. Skype has previously been used to distribute adware.

Finding Users IP Numbers

Another issue afflicting Skype, and one which has been there since 2010, is the capability to find out someone’s IP address simply by knowing their Skype username. There are dozens of services called Skype Resolvers online which will give you the IP address simply by plugging in the username of the person you are seeking information about.

While an IP address in-and-of itself may not be hugely valuable, it could be used together with other individual information against someone. One workaround to this is to use a VPN to hide your real IP address.

All-in-all it is safe to say that if you are looking to share market-sensitive information, talk national secrets or even just share private and valuable information with family and friends, Skype is not the most bulletproof lump of software on the planet. Here are five alternatives which promise a more secure connection.

Built in the post-Snowden reality of mass government surveillance, Tox is a peer-to-peer messaging service which also provides the option for movie calling that offers end-to-end encryption. The project states it aims to provide secure yet lightly accessible communication for everyone.

Among the features which Tox boasts about on its website is the protection of your metadata (such as your IP address etc) from everyone except your authorised friends and making your identity unlikely to spoof without the possession of your private private key, which never leaves your computer.

There is the added benefit of Tox being entirely free and without any annoying ads to divert you. The downside of this open source software of course is that the interface is not as slick as Skype’s and there are not as many features. While there is an Android version available on Google’s Play Store, the iOS version is still in beta and only available through Apple’s TestFlight service.

Ring is a free chunk of software permitting users make audio or movie calls, in pairs or groups, and to send messages “safely and loosely, in confidence.”

Developed as an open source project by a community of worldwide developers, it is available on Windows, Mac OSX, Linux and Android, tho’ not on iOS at the moment. The developers say no individual information is ever stored on a central server making it “impossible to create files on users.”

If movie is not a necessity then Signal, the talk and voice calling app from Open Whisper Systems, is most likely the most secure service available.

Used by the likes of Snowden, security accomplished Bruce Schneier and renowned cryptographer Matthew Green, the app is available on both iPhone and Android. It permits users to use their own phone numbers and contact books, while encrypting end-to-end the messages and calls you make, including test, picture and movie messages.

Open Whisper Systems is a large community of volunteer open source contributors funded by grants and donations, meaning the app itself is free and without ads.

In development since before Skype was launched, Linphone is an open source service for voice and movie calling as well as text messaging promising end-to-end encryption for all.

Just like Skype the smartphone app is available on Android, iOS, Windows Phone as well as clients for Windows, Linux and Mac OS X. There is the capability to treat numerous calls at once; pause, resume and transfer calls; and you can even merge calls if you want to talk in a group.

For desktop users there is no need to download any software, just log onto the website, connect and begin talking. For smartphones there are iOS and Android apps, but the process is much the same.

Talky is developed by a puny US software and design company called &yet. In relation to privacy and security, the company says: “We’re not here to sell ads based on your conversations, resell information about you, or keep track of what you do online.”

As well as encrypting all the voice and movie conversations inbetween the two sides of the call, the service encrypts all the set-up, call control, and rip down information that your computer sends to the company’s servers — meaning no meta data will leak. While the group calls are slightly less secure, Talky does make it very difficult for anyone to decrypt the content of any calls by storing the encryption keys only in memory or the communications bridge it uses which is the same as it does for voice and movie calls.

Related video:

Leave a Reply

Your email address will not be published. Required fields are marked *