updated 05:15 am EST, Fri December 9, 2011
Skype flaw allows geo-tracking of users
Researchers have uncoveredwhat looks like a serious security flaw in Skype that could easily allow a hacker to track a user's movements as well their P2P file-sharing activity. Scientists from New York University's Polytechnic Institute monitored 10,000 random Skype users and 20 volunteers over a two-week period discovered the vulnerability. They found that callers using VoIP can obtain the IP address of another user simply by calling them allowing them to use geo-IP mapping services to determine their location and ISP.
A malicious caller could initiate a Skype call, block certain data packets and then terminate the call almost immediately to obtain their IP address without the other party even being alerted to the call with a ringtone or other notification. Worse, the hacker does not need to be on the victims contact list, while the hack can still be accomplished even when a Skype user takes the time to configure the app to block calls from non-contacts.
In one example, the scientists tracked a Skype user holidaying in New York to Chicago and then back to their homeland in France. According to the researchers, a simple an inexpensive fix could stop the hackers from making the initial discovery. Skype is said to be working on a fix.
This is not the first time that Skype users have been potentially exposed to hackers. Earlier this year, Skype users on Android were left vulnerable to a code exploit that allowed hackers to obtain a user's personal information.