Skype reads out BIOS data
The Windows version of the video and telephony software Skype reads and stores the BIOS data of a user's computer. As a hacker with the pseudonym Myria reports in a blog entry, once the software is launched it saves an executable file called 1.com in the user's temporary folder. This file contains code that transmits the data found in the BIOS address area of the application to be launched. It is not yet clear what the Skype software does with the data, which may contain, among other things, the motherboard serial number. The mysterious .com file was only noticed because of an error message that Skype outputs when it is launched on systems running 64-bit versions of Windows. 64-bit versions lack the "NT Virtual DOS Machine" (NTVDM), which allows direct access to BIOS memory pages and is required to execute the program. Since Myria's blog entry is dated February 6, 2007, Skype presumably added the BIOS-reading code to its applications relatively recently.
Interestingly, the Skype software apparently also attempts to prevent the contents of the .com file that it has created from being examined. Myria writes that the file could only be opened after the system had been rebooted because of a forced kernel panic. As the comments on this blog entry reveal, such actions make users quite suspicious of the Skype vendor. At the beginning of 2006, in its antitrust dispute with Intel, AMD accused Skype of having tailored the conference function of its telephone software specifically to Intel processors. At the time, the function would not run on AMD-based systems.
Update: Meanwhile, Skype's Chief Security Officer has commented on this issue. Read "Skype Extras Gallery uses BIOS data for DRM".
- Skype Reads Your BIOS and Motherboard Serial Number, Myria's blog entry