Microsoft Skype for Business’ Feature Analyzed : Shares More than What You Wanted

December 26, 2018
Microsoft Skype for Business’ Feature Analyzed: Shares More than What You Wanted

Let’s say you wanted to do a conference call using Skype for Business with “screen-sharing” turned on – you want this because you have an important presentation and you need to be able to show the people on the other end exactly what you are working on. Well then, be prepared to share more than what you wanted.

In the event that the person who initiated the screen-sharing hangs up, the desktop-sharing feature continues to function. So the people at the other end of the line is still able to see what’s happening there – I know, it does sound creepy and literally violates someone’s privacy in a way.

The person who started the session does not notice the tiny warning at the top – it means they are continuously sharing everything they have on their screen. Files and programs with sensitive financial information, email conversations, private messages on social media platforms, basically all of them are exposed and can literally be seen by the party on the other end.

Now imagine if a cybercriminal was participating in a conversation like this, they would have had a ball with all the available information right in front of them. In some other cases, a company competitor could get away with sensitive and secret trade information if they wish to do so.

Just when you thought that you had chanced upon a serious bug or developer flaw. Just after a few Google searches about the issue and almost on the verge of calling Microsoft, well, screen sharing after ending a call is “a feature, not a bug”. Never minding the fact that a random regular Skype user first calls someone to start a video meeting, then proceeds to open a presentation, ends the call and comfortably assumes that the whole interaction has ended.

Question – why would anyone possibly want their screen to still be visible to the other party, even though the whole call and presentation ended? Even if, by chance, that was the case, the tiny ribbon that lets you know screen-sharing has such an inconspicuous design, a regular skype user will definitely miss it. For such a security-sensitive feature, you’d think something like neon colors were in order, at the least. Certainly, a pleasant design should not be the only priority for Skype for Business.

Microsoft’s response?

“It’s an expected behavior,” said a telephone customer representative. He followed that with an invitation to “vote for this feedback” at another link. And a recommendation to “close the Skype for Business chat window to end the Skype call and screen sharing at the same time.”

Yes, you heard that right. The official suggestion is to close the entire browser window, not press the “end call” button.

Well, let’s give it a bit more time, someone from Microsoft customer support will tell you to put a sticker on your webcam if you want to stop broadcasting. This is not to mention what a huge GDPR infringement this Skype for Business bug, feature, security risk or whatever it really is. Some cybersecurity experts are pointing out that even sharing usernames in an unencrypted communications environment or screens can be against the General Data Protection Regulation.

About the author

Leave a Reply