Information Security in Skype
31.01.2022
Perhaps there are no such PC and Internet users in the world who would not have heard of Skype. Skype is one of the most popular and long-standing services for exchanging text, photo, and video messages. According to experts, in 2021 the number of Skype users has exceeded 800 million. Although a large number of messaging applications have appeared recently, Skype has remained at the top for many years and is a giant among such services.
In this article, we will talk about why Skype is still popular, what improvements and features have appeared in Skype lately, and most importantly, we will discuss the security aspects of the application.
Back to history
Skype Technologies was founded in 2003, the Skype application itself was created at the same time in 2003. At that time, its advantage was the ease of installation and use, when installing Skype, it chose the Windows localization language, moreover, registering an account took a minimum of time compared to competitive services of that time.
In the first updates of the initial version of Skype, features such as an answering machine, the ability to link an account with a regular phone number, a little later, the ability to forward a call to another account or even to a phone number appeared. Skype was the first to open the function of video calls and video conferencing, as well as the ability to integrate an account with Microsoft Outlook.
In 2011, Microsoft bought Skype Technologies for $8.5 billion and operates the service to this day.
Skype technology
Skype achieved such great popularity, mainly due to technology that competitors-providers of IP-telephony services did not use. Peer-to-peer technology is a decentralized network where each computer is both a client and a server. With this communication architecture, the network of connections can be expanded to a huge number of nodes without affecting the performance of the entire system. At that time, most of these applications worked on a "client-server" system, which was significantly inferior to P2P in terms of communication and the ability to connect a large number of users.
The central element of Skype is the identification server, which stores information about user accounts and backup copies of their contact list, this server is needed, in fact, only to establish communication, and all communication is carried out directly between computers. It is possible to connect to Skype through a superserver - a special server within the local network. In this case, the conversation can continue until the end and without an Internet connection, or until the moment when some kind of failure occurs on the local network.
The Skype protocol is closed and used only by the original Skype software.
Data collection and security in Skype
Since Microsoft bought Skype in 2011, since that time Skype has shared a data protection policy with all other Microsoft products. The decrypted data pages are only available to Microsoft and the ISP. Skype has automatic technology to scan messages for spam, fraud, extortion, and other types of blackmailing.
Having recognized a malicious message or a potentially dangerous link, the program either does not allow the message to be sent or deletes it after sending, so suspicious materials simply disappear from the chat.
Officially confirmed cases of decryption, interception, or illegal transmission of data were not recorded until 2008, but over the following years, there were several major data leaks from Skype. These leaks were carried out with the help of specially designed applications for wiretapping and hacking the Skype system. After Microsoft became the owner of Skype, all information, including encryption methods, began to be carefully analyzed on servers and filtered.
In 2018, giants such as Google, Facebook, and Whatsapp switched to end-to-end encryption protocol technology, Skype followed suit, but only for private chat, which can be selected by clicking on “New private conversation” in the menu. Outside of a private chat, all outgoing and incoming information can be viewed by Microsoft.
When registering for Skype, Microsoft prompts users to set up two-factor authentication, and we strongly recommend that you use this feature. In addition to entering a password, a one-time code is sent to your email or phone number.
Spam and phishing on Skype
Skype is quite an ancient service, which means that there are many abandoned accounts. If a cybercriminal manages to take over one of these accounts, they can use it to distribute malware and phishing links to everyone in the account's contact list. This is exacerbated by users who do not verify their contacts and accept requests from strangers.
In 2019, Rietspoof malware was distributed primarily through Skype spam. It was a Trojan designed to infect systems so that it could download more malware.
A simple rule to keep you safe from spam and phishing on Skype is to never click on unwanted links or attachments, especially contacts you haven't talked to in a while. Keeping Skype and your operating system up to date is the best way to prevent malware. We also recommend using a good antivirus.
Safe use of Skype in corporate networks
Skype is so easy to use and popular that many companies use it as their primary means of communication within their corporate network. Before we talked about malicious programs transmitted via Skype and the consequences for user information. In addition to system updates and antivirus, the most reliable protection of not only personal but also corporate data in the workplace will be the use of a DLP system.
What is DLP is a software solution that prevents the leakage of confidential data from the company's local network. Let's use Falcongaze's DLP SecureTower as an example. This system is, in fact, 2 in 1, because it provides data protection and controls the loyalty of employees.
How will SecureTower help the company? SecureTower controls the most popular messengers: Skype, Viber, Telegram, WhatsApp, Zoom, Bitrix24, and others (desktop and web versions of messengers are controlled). The system automatically analyzes messages, sent files, images, voice messages, and calls for the presence of confidential information in them that could potentially be leaked.
After analyzing the intercepted data, if there is a violation of the security rule, the system automatically notifies about the incident with all the information about it.
Of course, at least Skype can be safely called one of the most popular instant messengers, which has been at the top of the number of users for many years. However, it is better to once again worry about the privacy of your data, personal or corporate, and resort to the help of third-party systems that will help ensure personal or corporate information security.