security risk Skype

Skype is a popular communications software that has been widely used by individuals and businesses alike. Various negative headlines did not harm the popularity of the software. For example, the Messenger, owned by Microsoft since 2011, was caught in 2007 creating an executable file in the user folder, which collects device data from the computer and tries to hide it from the user. In 2010, it became known that German authorities can intercept encrypted communication via Skype just like normal non-encrypted telephony, when chat protocols were introduced in court proceedings as evidence. However, after Microsoft’s acquisition of Skype, it did not become silent about Skype, because in the same year it became known that a system had been developed at the University of North Carolina at Chapel Hill that could automatically evaluate Skype voice chats. In 2013, heise security revealed that Skype was actively evaluating text chats after a user tip. It was possible to trace that Internet addresses sent in Skype Chats received a visit from Microsoft’s data centers shortly afterwards. Quite peculiarly, only saved addresses with the https prefix were visited. The publication of Edward Snowden in July 2013 resulted in the little surprising certainty that Skype text, voice and video chat will be widely evaluated by the NSA.
In January 2016, the Fraunhofer Institute for Embedded Systems and Communication Technology (ESK) presented a study on the use of Skype in companies. The study concludes that Skype should not be used in companies. In particular, it is criticized that Skype continues to use a proprietary communication protocol. The testing of the software is hindered by undisclosed source code as well as by special mechanisms for analysis protection.
Conclusions from the shaken trustworthiness must now be drawn by each user himself. Especially companies should use Skype deliberately or not at all. However, security concerns apply not only to Skype, but to most of the software solutions whose source code is not published. Even though Open Source alone is no guarantee for the security of software, security-relevant software that does not disclose its source code for verification does not seem to be trustworthy anymore today.