Thursday, October 9, 2008

Chinese Skype Client Hands Confidential Communications to Eavesdroppers

Original Link:

People all over the world use Skype. It’s one of the most popular chat engines on the internet. But what would you do if you found out that some of your instant messages are being blocked? The Chinese Skype client, called TOM Skype, does just that. Not only blocking specific keywords in your chat conversations, it watches private text conversations and reports them. Imagine how people who use TOM Skype, or the people who chat with those on the TOM client, feel after Skype already boasted absolute privacy for its users and complete security.
Eight remote servers exist in China, and any of the blocked keywords that may come up in the “private” messaging conversations are sent to one of these servers. These servers have relatively low security, so it was discovered that from around 44,000 users, over 166,000 messages had been censored.
Skype claims to have nothing to do with the breach in the TOM Skype client, and that at the time they were being assured that the users’ privacy was safe. However, this did not turn out to be the case. Skype is no longer reliable in the claims of secure privacy.
Again, this isn’t limited to TOM Skype client users only. If someone in the United States is chatting with someone in China using the TOM client, their end of the conversation is being monitored, and very possibly censored, as well.
eBay, a business partner with Skype, is very concerned about this compromised client on the Skype engine. They are warning their users to be cautious of what Skype client someone else is using, and not to communicate with those using the TOM client. eBay also no longer associates itself with TOM and required that TOM remove any of eBay’s trademarked images and links. eBay has created a “Chinese-localized version of Skype.” It is programmed to give users information on TOM, as well.
This article also gives a few links to alternative open source online chat engines that are much more secure than the TOM client.

No comments: