Security, Skype and the Blackberry
Over the past couple of months there have been posts about various means to access Skype from the Blackberry. One common question that arises is that of security when you are providing your login name and password to a "server" that acts as a Skype gateway from your wireless device. I have had a chance to communicate with all three of the services and provide the following comments as background:
- None of these services is going to compromise their business integrity by allowing a security breach of the types suggested by various commenters.
Security was a foundation design consideration for the Blackberry from its initial conception, with respect to both data streams and the voice conversation.The Blackberry is the only mobile device approved for use with several North American. European and South Pacific government security agencies. The list includes NATO, the U.S. Government's National Institute of Standards and Technology (NIST).and Canada's Communications Security Establishment (CSE).- PayPal is not going to allow any process that may compromise the security of your accounts affiliated to your PayPal account.
With respect to the specific Skype via Blackberry services:
- Mobivox has extensively tested their service for security to ensure their databases cannot be hacked.
- Both IM+ for Skype Software and iSkoot only have the login/password information stored on your Blackberry device, not on any server. This information is only passed, when required, over a Blackberry encrypted data stream to actually launch a Skype IM and/or voice session. Dan York questioned iSkoot's security in one of his posts; the responding comment from Jacqueline Van Meter, of iSkoot Product Management, states:
Some of the additional issues that you mentioned are actually security features in the BlackBerry OS. Specifically, when the user clicks on a name to call a contact, the OS double-checks that the user really intends to make an outgoing call from the application. This prevents unauthorized calls by third-party applications and is a common security feature in almost all mobile platforms.
Of course, we take the issue of password security very seriously. Login and password information are always encrypted. The information is stored on the handset only -- never the server -- and only in cases where the user selects the auto sign-in option. The communication from the client to our server is also encrypted and secured, using https.
- Upon completion of a conversation session, the Skype client on the Skype gateway server is closed leaving no trace of the login/password information.
Some concern was expressed that having access to a Skype account could provide access to your bank account via PayPal. Forget it! I investigated the PayPal "access via Skype" issue. For its own integrity PayPal would not allow a process that was open to abuse. But as added assurance, to do anything meaningful, such as purchasing Skype hardware via a Skype service or website, you need to also log into your PayPal account along with your Skype account.. All you can buy on an automatic renewal basis are voice mail, SkypeIn, SkypeOut and even there you can put on a daily limit as low as $50. As one additional security measure, ensure your PayPal password is definitely not your Skype password.
Bottom Line: The combination of Blackberry's inherent security, PayPal's need for financial services integrity as well as the business integrity of these services provides several levels of assurance that using these services will not compromise any authorization and authentication issues..
P.S. - Would paranoid or xenophobic describe the French government with respect to Blackberry security? The final irony in this story: the servers referenced as being in the U.S. are actually in Canada near RIM's headquarters.
Tags: Skype, Blackberry, IM+ for Skype Software, iSkoot, Mobivox, Dan York, PayPal, Skype on Blackberry, security, Blackberry security
Comments
I still think Skype should come out with a BB version. IM+ is perfect for me but $25 for a Skype client is abnormal!
Posted by: Florian SEROUSSI | August 3, 2007 11:57 PM
I just installed Skype IM+skypeOUT on my blackberry 8830 world version. It does work but what I pay for connection fee (7.8cents) and 4.5cents per minute (to Switzerland) is a whole lot more than what I can get with NobelCom. I received an offer from them yesterday to purchase a calling card to Switzerland for 2.5cents/minute, (the highest rate of their 4 cards) without any connection fee at all. Skype is supposed to be 2.1euro cent per minute to Europe and most other countries with no connection fee. If you possess a cell phone with free internet access, you should NOT have to pay more than you pay on your computer to call any phone around the world. As long as they have not found an answer to that connection fee and higher fee using a cell phone through the web, I will not use skype at all but will continue using my calling card. It is faster and cheaper. NobelCom provides a local number for me to call and recognizes my tel# so I never have to dial a pin. I just find the memorized person in my address list, click send twice and talk. That is that simple. The charge on their card lasts 1 year and they offer auto recharging capability as well.
Thanks for reading my message
Samuel Grandjean
Posted by: Samuel Grandjean | March 14, 2008 08:08 AM