Quantcast

Skype Hack Reveals Users’ IP Addresses

May 2, 2012

It has been found that a Skype hack using a copy of SkypeKit reveals a user’s external and internal IP addresses.

The script showcasing the hack has been uploaded to GitHub, and its creator made a proof-of-concept website, reports Jamie Keene for The Verge.

The altered version of SkypeKit allows the hack to bypass the certificate authentication that is normally used when Skype verifies the app.

Using the SkypeKit, a person can simply type in their target’s username, type in a CAPTCHA code, and an IP address pops up almost immediately.

With the information provided by the hack, a cybercriminal would be able to pinpoint the exact location of a computer, and also leave them open to a denial of service attack.

A Skype spokesperson said in a statement that the company is investigating the reports that are surfacing.

“We are investigating reports of a new tool that allegedly captures a Skype user´s last known IP address,” the spokesperson said in an emailed statement to ghacks.net. “This is an ongoing, industry-wide issue faced by all peer-to-peer software companies.

Skype uses a peer-to-peer system to route its data traffic, but its encryption system is proprietary, which has prompted caution from security experts.

“We are committed to the safety and security of our customers and we are taking measures to help protect them,” Skype said.

Users who are worried about broadcasting their IP addresses could use a virtual private network (VPN) so data appears to come from a different country.  A user could also use The Onion Router (TOR), which shows an inaccurate IP address when browsing the Internet, anonymizing the service to make it difficult to track the actual IP address.

This is not the first time Skype has acknowledge an issue involving its users IP addresses.  A research paper published back in October last year showed how the IP address could be resolved, and linked to BitTorrent usage.


Source: RedOrbit Staff & Wire Reports



comments powered by Disqus