The Tech Herald

Ignored Skype flaw enables hackers to steal sensitive user details

by Steven Mostyn - Oct 25 2011, 14:24

Image: Skype.

What’s not to like about Skype? It spans the world, it enables us to chat instantly with friends and family, it supports video communication, and it’s completely free. What’s not to like?

Well, how about the potential for having your computer’s security compromised because Skype can allow nefarious online criminals to access your identity, physical movements and personal documents?

That’s according to a paper published by a research team from New York University’s Polytechnic Institute, which claims hackers can take a Skype user’s IP address and use it to track activity through P2P services such as BitTorrent—where community users regularly share their personal details.

“These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services,” commented Keith Ross of the Polytechnic Institute.

“A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user—from private citizens to celebrities and politicians—and use the information for purposes of stalking, blackmail or fraud,” he added.

Although an actual call connection is required to enable the attack, the researchers say hackers will be able to sidestep not being on a user’s contact list by initiating a call, blocking information packets, tracking the victim’s IP address, and ending the call without it even ringing through on the targeted computer.

Skype has apparently been informed of the security loophole (a year ago!), but is yet to act. The researchers say the VoIP service should be able to close the hole quickly and easily by simply tweaking the existing Skype protocol so that it withholds a user’s IP address unless an incoming call is physically accepted.

Skype, which was recently acquired by Microsoft, has not offered an official comment regarding the matter.

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

Chevrolet shows off the 2015 Colorado with digital experience

Chevrolet has launched a new website to show buyers all the bells and whistles available on ...

Mazda to debut CX-3 and MX-5 at Los Angeles Auto Show

Mazda has announced plans to premiere the new Mazda CX 3, its new compact crossover SUV, at ...

Ford issues safety recall for 204,448 Ford Edge and Lincoln MKX

Ford has issued a safety recall for 204,448 of the 2007-2008 Ford Edge and Lincoln MKX in No...

Mopar Previews SEMA Custom Rides

We have added a set of pictures released by Mopar ahead of the SEMA Show. Mopar are bri...

Audi R8 Competition – The Most Powerful Production Audi Ever

Audi has revealed details of their new super-fast Audi R8 Competititon — the most powerful a...