October 25, 2011
Security Flaw Found With Skype And Other VoIP Services
Researchers from the Polytechnic Institute of New York University say that Skype can be used to track the locations of users over time and peek into their peer-to-peer file-sharing activity, Emma Woollacott for TG Daily reports.
The glaring security flaws uncovered in Skype, which claims more than a half-billion registered users, and other voice over IP (VoIP) systems potentially allow hackers to access user identities and locations.One report suggests that one in five overseas calls is made using the service and works even when a user blocked callers or used a Network Address Translation (NAT) firewall.
“Just as with typical Internet communications software, Skype users who are connected may be able to determine each other´s IP addresses.”
“Through research and development, we will continue to make advances in this area and improvements to our software,” Adrian Asher, Skype´s chief information security officer told FoxNews.com. Skype places a priority on security and safety, he added.
Keith Ross of NYU-Poly explains, “These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services.”
“A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user - from private citizens to celebrities and politicians - and use the information for purposes of stalking, blackmail or fraud.”
When a call is initiated, the IP address of the recipient is revealed to the caller, who can then use commercial geo-IP mapping services to determine their location and Internet Service Provider (ISP).
Ross successfully tracked 10,000 randomly chosen Skype users over a two-week period, according to the New York Post. Researchers also used the flaw to successfully track one of their own as he traveled from New York to Chicago, back to New York and then to his home in France.
The flaw may also be a problem for other video chat services such as MSN Live, QQ and Google Talk, the researchers said.
On the Net: