A team of international researchers uncovered some flaw in Skype that can allow a hacker to track and spy on Skype users. The flaw lets hackers to determine the IP address of the Skype user thereby indicating the ISP and location of the user through any geo-IP mapping services. One can even be traced even behind a firewall.

How informations are revealed

When a call is being established between two users some packet data are exchanged. These packets contain information about both users including their IP address. Thus, a malicious caller can obtain a callee's IP address by just initiating a Skype call. Then he may quickly terminate the call without callee's notice. No matter whether the call established or not, the caller will get the IP address of the callee. Thus the location and ISP of the callee is revealed.

Such an attack can be performed even when the caller is not on callee's contact list and is totally strange to the callee. No matter whether the receiver has blocked all calls from non-contacts. Strangers can call and get informations even when the callee doesn't answer.

What the researchers team says

The team uncovered several other properties of Skype that can track not only users' locations but also their file-sharing activity. To prove this, they called 10,000 random Skype users every hour for two weeks to discover where they were.

In another experiment, they queried over 50,000 most popular downloads on Bit Torrent. When a common IP address was found on both Skype and Bit Torrent, the researchers were able to determine those files that were downloaded or shared by Skype users.

The researchers informed Skype and Microsoft about their findings. Microsoft's Security Response Center is in touch with members of the research team.
Post tagged in: InternetSecurity