Skype may not be quite as secure as first thought after it emerged that Microsoft is continuing to investigate reports of a tool that allows someone to ascertain the IP addresses of logged-on Skype users.
News of the situation has circulated widely since information about it was posted on last week on Pastebin.
The Pastebin post included a script to help automate the exploitation of the issue on a patched version of Skype 5.5. The flaw allows someone to see a Skype user’s vCard–a standard file format for electronic business cards. A look in the log will reveal the Skype user’s IP addresses as well as the internal network card IP address on the user’s computer.
From there, running the IP address information through the WHOIS service can be used to determine a user’s location information. The technique only works if the person being targeted is online.
Knowledge of this situation is critical for those who use Skype in situations where their location needs to be kept secure, as well as for those just interested in personal privacy, blogged Nick Furneaux, managing director of UK-based CSITech.
“I’ve tested this and it does what it says on the tin,” he wrote. “I was able to extract the external and internal IP’s of a friend in the US to within a few miles of his house, a buddy in Asia to within a few streets and my own to just a few miles down the road. More [disconcertingly] the internal IP combined with the internet facing address provides the basis for a direct probe and then attack of any individual on Skype’s global address book.”
Microsoft, which acquired Skype last year, declined to discuss the issue any further.
However reports have surfaced that researchers had reported to Skype back in late 2010 that it was possible to ascertain the IP address of Skype users. The researchers published a paper detailing their findings in 2011. However, their findings went unresolved.
“By calling it a ‘new tool’ it means they don’t have to respond as urgently,” Stevens Le Blond, one of the researchers who wrote the paper, was quoted as saying by the Wall Street Journal. “It makes it seem like they just found out.”
Think you know security? Test yourself with our quiz.
AI-generated content such as video and images are going to be labelled by TikTok using…
Neuralink brain implant embedded in 29-year-old patient named Noland Arbaugh develops a fault, but is…
US agency seeks data from Tesla on Autopilot recall, amid reports US prosecutors are probing…
The United States reportedly considers restricting China and Russia's access to AI models found in…
New child safety laws sees Ofcom calling on tech firms to “tame toxic algorithms” to…
Another u-turn? Former Twitter boss Jack Dorsey suddenly quits Bluesky's board of directors, and calls…