Last month we investigated how safe WhatsApp is and discovered, among other things, that yes, you can read deleted WhatsApp chats.
As we continue with our research and investigation into instant messaging applications, we also came across a similar security loophole in Skype, in that when you delete conversations in the application, they are not really deleted.
What is even more alarming (at least to us) is that unlike WhatsApp, Skype stores all conversation history (including deleted chats) in plain text format, i.e. unencrypted!
Granted, we could only find this flaw when using Skype on a Microsoft Windows computer, but considering that a large percentage of Skype users use it from Windows-based computers, it is quite a big concern.
Why the big concern about Skype’s security and, in general, that of instant messaging applications?
The answer is pretty straightforward: we send sensitive and critical information over Skype, whether in text conversations or in VoIP calls.
Sometimes we do this believing that (unlike e-mail, which jumps through different servers) this will prevent a third party from reading the information we are sending. This information can be things like login credentials.
What? In Plain Text?
By default (not that you have a choice), Skype stores all your conversation history on your hard disk (Microsoft Windows based computer in our test).
This is fine and acceptable, but things start getting bad when you discover that the file it stores all the Skype conversation history in is in plain text!
The default path for a computer running Microsoft Windows 7 is:
C:\Users\<your Windows user name>\AppData\Roaming\Skype\<your Skype user name>\main.db
Once you find the file you can open it using a text editor and you will see your conversations (including deleted ones).
Although they are not aesthetically pleasing to view in a text editor, there are many applications, like the SQLite browser, that can display them in a readable format.
With SQLite browser, just look for a table called Messages and you will be able to read them in an ‘aesthetically’ pleasing format.
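To check your own exposure without reading any message content, the sketch below (an added example, not part of the original article or of Skype) finds every main.db under a Skype data directory, tests for the plain SQLite file header, and counts the rows still held in the Messages table. The helper names, the sample profile name and the sample table's `body` column are hypothetical; only the main.db file name and the Messages table come from the article.

```python
import sqlite3
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every unencrypted SQLite file


def find_history_files(skype_root):
    """Return every <Skype user name>/main.db under the Skype data directory."""
    return sorted(Path(skype_root).glob("*/main.db"))


def audit_history_file(db_path):
    """Report whether a history file is readable plain SQLite and how many
    rows its Messages table still holds. Message content is never read."""
    report = {"path": str(db_path), "plain_sqlite": False,
              "has_messages_table": False, "message_rows": 0}
    with open(db_path, "rb") as fh:
        report["plain_sqlite"] = fh.read(16) == SQLITE_MAGIC
    if not report["plain_sqlite"]:
        return report  # encrypted, or not a SQLite database at all
    # Open read-only so the audit can never modify the history file.
    conn = sqlite3.connect(Path(db_path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        row = conn.execute(
            "SELECT 1 FROM sqlite_master WHERE type='table' AND name='Messages'"
        ).fetchone()
        if row:
            report["has_messages_table"] = True
            report["message_rows"] = conn.execute(
                "SELECT COUNT(*) FROM Messages").fetchone()[0]
    finally:
        conn.close()
    return report


def build_sample_profile(root):
    """Constructed stand-in for a Skype profile; the 'body' column is hypothetical."""
    profile = Path(root) / "example.user"
    profile.mkdir(parents=True)
    conn = sqlite3.connect(profile / "main.db")
    conn.execute("CREATE TABLE Messages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO Messages (body) VALUES (?)",
                     [("constructed message 1",), ("constructed message 2",)])
    conn.commit()
    conn.close()
    return Path(root)
```

On a real machine, pass the Skype directory from the path above to `find_history_files` and run `audit_history_file` on each result; a non-zero row count after you have deleted your conversations in the application confirms the history is still on disk.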
Here’s The Problem
Just like the WhatsApp loophole, all it takes for someone to read your conversation history is for them to get hold of that file from your computer. They could do this manually when you are not at your computer or through a virus or some form of malware.
Furthermore, the person you were having the conversation with also has the same file with the same contents, increasing the risk twofold.
The even bigger problem, or deception, is that what is labelled delete on Skype doesn’t actually delete conversations; it merely hides them from the application’s user interface.
So, if you’re privacy conscious and do exchange sensitive information over Skype, now you know where to go and delete the file.
Do note, though, that deleting the file will also delete cached profile information like contacts’ profile photos, real names etc., but these get restored as soon as those contacts log into Skype again.
Cover Image Credit: PhotoAtelier