In association with heise online

09 February 2007, 16:47

Skype Extras Gallery uses BIOS data for DRM

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The recently discovered BIOS access by Skype is a function in Skype's Extras Gallery, that allows to add plug-ins to the video and telephony software. As the company's Chief Security Officer, Kurt Sauer writes, the component in question, which was purchased from EasyBits software, uniquely identifies computers using the BIOS data so it can check, as a form of digital rights management, whether the license agreements for the various plug-ins are being upheld.

The Extras Manager, which can be reached under Actions –> Extras –> Manage extras, was introduced in Skype–3 for Windows. It offers access to a number of partly non-free add-ons, for collaboration, data transfer, and games between callers. Since the EasyBits component produced errors on the 64-bit Windows, Sauer says the new version of Skype has been modified so it no longer reads out BIOS data.

But Sauer's comments do not reveal how the Skype components provided by EasyBits handled the sensitive computer data. It is for example possible that the unique fingerprints are centrally analysed to determine the number of units installed worldwide for licensing negotiations, or to detect illegal copies. Those who want to learn more about how Skype works can read heise Security's background article about how Skype gets past firewalls. In addition, a presentation given at the Black Hat 2006 security conference gives an interesting insight what efforts are taken to prevent an analysis of what Skype does and how.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit