Feeds

Skype snoop agent reads mobo serial numbers

'Quite normal' feature has been removed

SANS - Survey on application security programs

Skype has been spying on its Windows-based users since the middle of December by secretly accessing their system bios settings and recording the motherboard serial number.

A blog entry made on Skype's website assures us it's no big deal. The snooper agent is the handiwork of a third-party program called EasyBits Software, which Skype uses to manage Skype plug-ins.

Among other things, EasyBits offers DRM features that prevent the unauthorized use or distribution of plug-ins, and that's why Skype 3.0 has been nosing around in users' bios. Reading the serial number allows EasyBits to quickly identify the physical computer the software is running on. The practice was discontinued on Thursday, when Skype was updated to version 3.0.0.216.

"It is quite normal to look at indicators that uniquely identify the platform and there is nothing secret about reading hardware parameters from the BIOS," Skype's blog author, Kurt Sauer, assured us. He also says Skype never retrieved any of this data. We're not sure that's the point.

Skype goes to great lengths to assure users they will not be fed spyware, which the eBay-owned VOIP provider defines as "software that becomes installed on computer without the informed consent or knowledge of the computer’s owner and covertly transmits or receives data to or from a remote host." What's more, we were unable to find terms of service the spells out what EasyBits does with the information it gathers on Skype users.

It's also hard to take Skype's nothing-to-see-here notification at face value because of the lengths the software goes to conceal its snooping. As documented in the Pagetable blog, the Skype snoopware runs a .com file and prevents the more curious users among us from reading it. Were it not for errors it was giving users of 64-bit versions, we'd probably still be in the dark.

Skype's decision to remove the EasyBits DRM feature is a good start. Time now for an apology and an explanation of what has been done with the information already collected. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.