Over the past couple of months there have been posts about various means to access Skype from the Blackberry: One common questions that arises is that of security when you are providing your login name and password to a "server" that acts as a Skype gateway from your wireless device. I have had a chance to communicate with all three of the services and would provide the following comments as background:
- None of these services is going to compromise their business integrity by allowing a security breach of the types suggested by various commenters.
- Security was a foundation design consideration for the Blackberry from its initial conception, with respect to both data streams and the voice conversation.The Blackberry is the only mobile device approved for use with several North American. European and South Pacific government security agencies. The list includes NATO, the U.S. Government’s National Institute of Standards and Technology (NIST).and Canada’s Communications Security Establishment (CSE).
- PayPal is not going to allow any process that may compromise the security of your accounts affiliated to your PayPal account.
With respect to the specific Skype via Blackberry services.
- Mobivox has extensively tested their service for security to ensure their databases cannot be hacked.
- Both IM+ for Skype Software and iSkoot only have the login/password information stored on your Blackberry device, not on any server. This information is only passed, when required, over a Blackberry encrypted data stream to actually launch a Skype IM and/or voice session. Dan York questioned iSkoot’s security in one of his posts; the responding comment from Jacqueline Van Meter, of iSkoot Product Management, states:
Some of the additional issues that you mentioned are actually security features in the BlackBerry OS. Specifically, when the user clicks on a name to call a contact, the OS double-checks that the user really intends to make an outgoing call from the application. This prevents unauthorized calls by third-party applications and is a common security feature in almost all mobile platforms.
Of course, we take the issue of password security very seriously. Login and password information are always encrypted. The information is stored on the handset only — never the server — and only in cases where the user selects the auto sign-in option. The communication from the client to our server is also encrypted and secured, using https.
- Upon completion of a conversation session, the Skype client on the Skype gateway server is closed leaving no trace of the login/password information.
Some concern was expressed that having access to a Skype account could provide access to your bank account via PayPal. Forget it! I investigated the PayPal "access via Skype" issue. For its own integrity PayPal would not allow a process that was open to abuse. But as added assurance, to do anything meaningful, such as purchasing Skype hardware via a Skype service or website, you need to also log into your PayPal account along with your Skype account.. All you can buy on an automatic renewal basis are voice mail, SkypeIn, SkypeOut and even there you can put on a daily limit as low as $50. As one additional security measure, ensure your PayPal password is definitely not your Skype password.
Bottom Line: The combination of Blackberry’s inherent security, PayPal’s need for financial services integrity as well as the business integrity of these services provides several levels of assurance that using these services will not compromise any authorization and authentication issues..
P.S. – Would "paranoid" or "xenophobic" describe the French government with respect to Blackberry security? The final irony in this story: the North American servers referenced as being in the U.S. are actually in Canada near RIM’s headquarters.
Tags: Skype, Blackberry, IM+ for Skype Software, iSkoot, Mobivox, Dan York, PayPal, Skype on Blackberry, security, Blackberry secuirty
Powered by Qumana