Skype Extras Gallery uses BIOS data for DRM
The recently discovered BIOS access by Skype is a function of Skype's Extras Gallery, which allows plug-ins to be added to the video and telephony software. As the company's Chief Security Officer, Kurt Sauer, writes, the component in question, which was purchased from EasyBits software, uniquely identifies computers using the BIOS data so that it can check, as a form of digital rights management, whether the license agreements for the various plug-ins are being upheld.
The Extras Manager, which can be reached under Actions -> Extras -> Manage extras, was introduced in Skype 3 for Windows. It offers access to a number of add-ons, some of them non-free, for collaboration, data transfer, and games between callers. Since the EasyBits component produced errors on 64-bit Windows, Sauer says the new version 3.0.0.216 of Skype has been modified so that it no longer reads out BIOS data.
But Sauer's comments do not reveal how the Skype components provided by EasyBits handled the sensitive computer data. It is possible, for example, that the unique fingerprints are centrally analysed to determine the number of units installed worldwide for licensing negotiations, or to detect illegal copies. Those who want to learn more about how Skype works can read heise Security's background article about how Skype gets past firewalls. In addition, a presentation given at the Black Hat 2006 security conference gives an interesting insight into the efforts taken to prevent an analysis of what Skype does and how.
See also:
- Skype Extras plug-in manager, Skype's Chief Security Officer comments on the issue
- Skype reads out BIOS data, heise Security's report
- The hole trick: How Skype & Co. get round firewalls, background article at heise Security
- Silver Needle in Skype, (links to a PDF) presentation given at the Black Hat Conference 2006
(trk)