Skype removes DRM snoop agent

Summary:Skype has released an update for Windows users to nuke a DRM (digital rights management) snoop agent that reads the serial number off a user's motherboard.

Skype has released an update for Windows users to nuke a DRM (digital rights management) snoop agent that reads the serial number off a user's motherboard.Skype

The issue was first flagged at Pagetable.com after a blogger discovered that a secretive phone-home mechanism was dumping a Skype user's system BIOS (with motherboard serial number) to the Skype application.

The privacy and security implications are obvious to anyone familiar with the Sony/BMG copy-protection scandal and, on the surface, flies in the face of Skype's adware-free policy that describes spyware as anything that "covertly transmits or receives data to or from a remote host."

In an entry posted to the Skype security blog, Skype's chief security officer Kurt Sauer blamed use of the DRM functionality on EasyBits Software, a third party company that developed the new Extras Gallery in Skype for Windows.

Sauer explains:

The EasyBits software includes a form of digital rights management functionality intended to protect commercial software, such as plug-ins, from illegal redistribution or unlicensed use. Simply put, the EasyBits DRM framework helps us ensure compliance with software usage and distribution.
To enforce these license agreements, the EasyBits framework attempts to uniquely identify what physical computer it’s running on. One way to do this identification is to simply read the serial number of the motherboard, which is often available through a public query to the BIOS.
It is quite normal to look at indicators that uniquely identify the platform and there is nothing secret about reading hardware parameters from the BIOS. The function calls to do this are public and are available to any software running on your computer. Of course, in line with our Privacy Agreement, Skype does not retrieve any of this data. It is only used by the EasyBits software to ensure that plug-in use complies with the appropriate license token or key.
Since we learned that EasyBits DRM did not perform well on some newer platforms, we updated the version of their framework with one that no longer attempts to read from the BIOS. The current download of Skype for Windows, version 3.0.0.216, includes this updated framework. 

* More coverage on this at The Register, Wireless is Fun and Liquidmatrix.

Topics: Software, Collaboration, Social Enterprise

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.