GotteBeSecure: Skype Security and the Mobile User

As a mobile user, I often use Skype as a cheap, easy replacement for a more costly teleconferencing system. But have you ever wondered how secure Skype is? After all, if you’ve read many of my past articles, you already know that your network activity in a coffee shop or at a public WiFi hotspot is possibly subject to monitoring or interception.

Fortunately for Skype users, Skype phone calls, instant messages, and file transfers are all encrypted using strong encryption:


"Skype uses AES (Advanced Encryption Standard), also known as Rijndael, which is used by U.S. Government organizations to protect sensitive information. Skype uses 256-bit encryption, which has a total of 1.1 x 10^77 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates."

What this means is that no one in the coffee shop is going to be intercepting your conversations over the WiFi and listening to them. However, keep in mind that a coffee shop is no place to have a sensitive business conversation. There are still low-tech methods to listen in on what you’re saying.

Taking a look at your surroundings brings up a second, and more important, point about security. As you take inventory of what’s secure and what’s potentially not secure, it quickly becomes obvious that Skype and its encryption are not the weakest points in the chain. Is your tablet PC or ultra-mobile PC up-to-date with software security patches? Is it virus- and spyware-free?

Maybe you’ve read about software security flaws in the Skype software that could allow hackers to break into your computer by attacking Skype. Like most popular software, Skype has been the target of extensive security research by hackers and security professionals alike. Various security flaws, some of them high-profile, have been discovered and fixed. The best advice on this front is to set up Skype to always check for new software updates. Within the Skype application, perform the following steps:


  1. Click on Tools –> Options…
  2. Click on the Updates tab
  3. Select either Download automatically or Ask before downloading for both “Major Releases” and “Hotfixes.”

One final thought on security…all the security precautions in the world won’t help if you fundamentally misunderstand the threat against you. Take the case of convicted mafia boss Nicodemo Scarfo. He used PGP (Pretty Good Privacy) software to encrypt the contents of his hard disk drive in order to conceal the records of his illegal activities. His adversary, the FBI, secretly installed a keyboard logger on his computer and obtained his PGP passphrase (rendering all his encryption useless). The lesson? Computer security is extremely hard to do perfectly. Skype is secure enough for most day-to-day personal and business discussions. However, if you’re communicating very sensitive information, make sure you understand who wants that information and what their capabilities are to get it.