
Security breach using Skype chat

PaulSanderson
(@paulsanderson)
Honorable Member
Joined: 19 years ago
Posts: 651
Topic starter  

I don’t know how well known this is but I have become aware of what I see as a severe breach in the security of the Skype chat function that allows your chats to be eavesdropped upon by another computer.

Basically, when Skype is logged into with the same Skype account on two different machines, a copy of any conversation is duplicated on a second machine. For example:
• I start a conversation on machine A with a user on some machine elsewhere on the Skype network (say machine B)
• Someone who has access to my user name and password logs on as me on a third machine (C).

Subsequently all of the conversation between A and B would be duplicated on C.

While on one hand this could be considered a feature (can’t they all) as I could flit between A and C and continue my conversation with B, it is also, in my mind, a major flaw in the security of the system as I will not know that someone is eavesdropping on my conversation.

OK this does require knowledge of my user name and password (or I leave myself logged in or have auto log in enabled), but it still means that a conversation that I may have considered to be private may not be.

It is straightforward to duplicate this yourself – just log in on two machines and start chatting on one while monitoring the other.


   
(@ronanmagee)
Estimable Member
Joined: 20 years ago
Posts: 145
 

Hi Paul,

I'd say it verges more on a Privacy matter rather than security. The security seems to work well in my opinion. At least this 'feature' requires the use of a username and password; however, I think there should be an option to prevent conversations being recorded. Alternatively, some kind of warning message that the conversation is being recorded at 2 locations would be good. Maybe a feature to inform the user currently signed in that a 2nd user on another computer has signed into the Skype program with their details?

Ronan


   
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
 

[…]
It is straightforward to duplicate this yourself – just log in on two machines and start chatting on one while monitoring the other.

I would like to duplicate this for some demonstration.

A starts IM chat with B.
C logs in as A on a different machine.
Does C need to also get into the IM section with B, or how?
Does it just pop-up? or …?

I am not familiar with Skype's IM chat functionality so step by step would be awesome.


   
caelyx
(@caelyx)
Active Member
Joined: 18 years ago
Posts: 14
 

A starts IM chat with B.
C logs in as A on a different machine.
Does C need to also get into the IM section with B, or how?
Does it just pop-up?

I noticed this about two years ago, but didn't think much of it.

If you're logged into two machines (A and C), and you're chatting from A with B, the complete conversation will pop up on C and continue to be updated.

My guess is that this is a function of the way the Skype cloud works; in the absence of a single authoritative server, clients tell the cloud that they're subscribing to messages for user 'x' (cf. multicast). The security of such a system would be implicit in your access to the private key (secured by the password) of that user (since messages are encrypted across the cloud).

So, yes, if someone else had your password, they could silently listen in to your conversations. But, depending on the way the cloud is built, this could be difficult to close. Caveat emptor; if you need security, add GPG/PGP across the top and encrypt each message by hand.


   
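A sketch of the second sign-in warning suggested in the thread, as an added example that is not part of any post and is not Skype's own code. It assumes a hypothetical service-side event feed of (timestamp, account, device, action) tuples; the sample events and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical format:
# (ISO timestamp, account, device, action)
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "alice", "machine-A", "login"),
    ("2024-01-01T09:05:00", "bob", "machine-B", "login"),
    ("2024-01-01T09:10:00", "alice", "machine-C", "login"),   # second device, A still active
    ("2024-01-01T09:30:00", "alice", "machine-C", "logout"),
    ("2024-01-01T09:40:00", "alice", "machine-A", "logout"),
    ("2024-01-01T10:00:00", "alice", "machine-C", "login"),   # no other device active
]


def concurrent_session_alerts(events):
    """Return one alert for each sign-in that happens while the same
    account is already signed in on a different device."""
    active = defaultdict(set)  # account -> devices currently signed in
    alerts = []
    # ISO 8601 timestamps sort correctly as plain strings.
    for ts, account, device, action in sorted(events):
        if action == "login":
            others = active[account] - {device}
            if others:
                alerts.append({
                    "time": ts,
                    "account": account,
                    "new_device": device,
                    # Devices that should display the warning to the user.
                    "notify_devices": sorted(others),
                })
            active[account].add(device)
        elif action == "logout":
            active[account].discard(device)
    return alerts


if __name__ == "__main__":
    for alert in concurrent_session_alerts(SAMPLE_EVENTS):
        print(alert)
```
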