Feeds

Skype snoop agent reads mobo serial numbers

'Quite normal' feature has been removed

The Power of One eBook: Top reasons to choose HP BladeSystem

Skype has been spying on its Windows-based users since the middle of December by secretly accessing their system bios settings and recording the motherboard serial number.

A blog entry made on Skype's website assures us it's no big deal. The snooper agent is the handiwork of a third-party program called EasyBits Software, which Skype uses to manage Skype plug-ins.

Among other things, EasyBits offers DRM features that prevent the unauthorized use or distribution of plug-ins, and that's why Skype 3.0 has been nosing around in users' bios. Reading the serial number allows EasyBits to quickly identify the physical computer the software is running on. The practice was discontinued on Thursday, when Skype was updated to version 3.0.0.216.

"It is quite normal to look at indicators that uniquely identify the platform and there is nothing secret about reading hardware parameters from the BIOS," Skype's blog author, Kurt Sauer, assured us. He also says Skype never retrieved any of this data. We're not sure that's the point.

Skype goes to great lengths to assure users they will not be fed spyware, which the eBay-owned VOIP provider defines as "software that becomes installed on computer without the informed consent or knowledge of the computer’s owner and covertly transmits or receives data to or from a remote host." What's more, we were unable to find terms of service the spells out what EasyBits does with the information it gathers on Skype users.

It's also hard to take Skype's nothing-to-see-here notification at face value because of the lengths the software goes to conceal its snooping. As documented in the Pagetable blog, the Skype snoopware runs a .com file and prevents the more curious users among us from reading it. Were it not for errors it was giving users of 64-bit versions, we'd probably still be in the dark.

Skype's decision to remove the EasyBits DRM feature is a good start. Time now for an apology and an explanation of what has been done with the information already collected. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.