Overview of Skype’s security measures

Falcongaze thinks that before using an application, it is necessary to ask: are my data secure with it? What are security measures the company has provided its app with? We don’t think that you would like your data to fall into the wrong hands. That’s why it is important to be aware of app’s security measures.

The Analytical department of Falcongaze observed security measures of Skype. There are the main of them.

All audio and video calls, files and messages are end-to-end encrypted. End-to-end encryption is a method when a message is encrypted before sent and decrypted only on an addressee’s device. It minimizes the risk of being eavesdropped or read by malicious actors. However, if you call from Skype to mobile or landline phone, then the part of a call that uses ordinary phone network is not encrypted.

Skype uses TLS-protocol to encrypt messages between a Skype client and a chat service in their cloud. TLS-protocol safeguards against eavesdropping, and it checks that a message is delivered to addressee. AES-protocol is used to exchange messages between Skype clients. It was initially used by the USA government to encrypt superconfidential documents.

Voice messages are encrypted only while delivering. After a receiver listens to it, it will be stored on their device decrypted.

To secure your account, Skype recommends using strong passwords. For instance, not just a word, but a sentence. The password in Skype can be limited to 50 digits. Use not only letters and numbers, but also punctuation marks and symbols that will strengthen it.

When a user pays for something using Skype, all data are secured with SSL-protocol. It consists of 2 elements – client authentication and data encryption – that provide secure information exchange.

The company asks users’ not to answer to messages in which you are asked to share your finance information, passwords or other data on behalf of Skype. Skype never asks that kind of information. Skype agents can require some details, but not a full number of credit card or a password.

Skype also notifies about messages like “Your account has been compromised, click here to view details” or “Confirm your account details”. Don’t succumb to a false sense of emergency. It is better to log in from the Skype’s official web-site. Don’t download and open attachments if you have received a message with them on behalf of Skype.

The company warns that fraudulent actors can use social engineering. By its means they can learn your personal information. In such cases, people have a tendency to behave nice. However, in most cases they are not people, but computer programs (bots) having a limited set of scripts. If you happen to share your data and your account has been compromised, change your password as far as possible. If your account has been hijacked, contact Skype support service.

The Analytical department of Falcongaze described the main security measures Skype has to safeguard users’ data and minimize the risk of being hacked.

Important publications

What is UBA? 6 August 2019
What is DLP systems? 13 February 2019