Skype Reads Your BIOS and Motherboard Serial Number
February 7th, 2007 by marius
Myria from pagetable.com tells us that Skype Reads Your BIOS and Motherboard Serial Number
What happens is that they use a protected executable file to dump the BIOS POST data, feed it to the client installed on your computer, and then probably call back home with this info. What they use it for, and why they are doing it, is still unknown, and the blogosphere will buzz about this until an official press release from Skype surfaces. Probably nobody would have figured this out if Skype had not forgotten about all the 64-bit processors out there, which are not compatible with their code.
This seems to be another big screw-up from the Skype team, and it will surely make all reverse engineering fans try to take a look at *everything* Skype does while running on their computers.
Read more about it at: Skype Reads Your BIOS and Motherboard Serial Number
Follow-up: As expected, Skype came up with a plausible explanation for reading your computer’s BIOS POST data with a protected executable. According to them, it’s a thingie that will help them lock their plugins to a computer by embedding the motherboard’s “public” serial number. I use quotes when I say public because they used a “public query to the BIOS”, but if it’s that public, why is it hidden? And why don’t they do it when you’re installing your newly acquired plugin from Skype, instead of sending it back home? Apparently, the last build available for download from Skype does not include reading your BIOS POST data anymore. Well, let’s see what the users think about this.

But no matter how you put it, reading such sensitive data broke Skype’s commitment, “Skype is free of Adware, Spyware and Malware”, by their own definition:
What is Spyware?
“Spyware relates to software that becomes installed on computer without the informed consent or knowledge of the computer’s owner and covertly transmits or receives data to or from a remote host. For example, spyware may monitor a user’s behaviour and pass on details of a user’s activity (for example their user names or passwords) to a third party.”
Skype’s announcement was made on their Security Blog.
Now we were curious who EasyBits are and followed a few Google leads. We ran across this page for a product called Skypito. I wanted to reproduce some stuff here about their service and privacy policy but it’s a big NO NO! :) Just go there and check it yourselves. The page is 70% “Privacy Policy” and “Legal Notice”. Since I can’t replicate any copyright-protected information on that page, I’ll have to let you read it. Nevertheless, I know we don’t like any application that sends critical system data to a given server, even in a way that’s not personally identifiable.










February 9th, 2007 at 11:52 am
how about their NO- adware/spyware/malware commitment? ;)
February 11th, 2007 at 10:14 am
@dan: DRM is not adware, spyware or malware, it’s just another pure evil, it’s DRM!
February 12th, 2007 at 10:36 am
I personally have no problem with Skype reading my BIOS serial number, and if it had been in the T&Cs I would most likely have clicked ‘Install’ anyway.
However, I would say that maintaining a ‘No Spyware’ banner next to the download link, and T&Cs, and now admitting to identifying BIOS serial numbers, are mutually exclusive. I rely on Skype too heavily to simply uninstall it in protest, so instead, I would hope that Skype now sees a class action lawsuit in a similar way that Sony did with their rootkit, as a warning to any other companies who choose to lie to users about their privacy. If Skype sees no repercussions from this, it’ll be another nail in the coffin of online privacy.
February 12th, 2007 at 10:48 am
[…] You can believe that or not. With open-source software whose source code is public, Skype would in any case have an easier time dispelling concerns about spying on its users. However, Skype somewhat neglects the Linux version of its telephony software. […]
February 12th, 2007 at 2:50 pm
@Mike: sure, DRM is a different thing altogether, but the file acted exactly as described in Skype’s definition of spyware. Since they have no “NO DRM” badge, we’ll pick on what they sport now.
May 23rd, 2007 at 12:30 am
[…] * More coverage on this at The Register, Wireless is Fun and Liquidmatrix. […]
June 27th, 2007 at 8:41 pm
Skype is one fuckin organization…