Skype Security Flaw Gives Away IP Addresses

A new security flaw has been uncovered in Skype, one that could provide hackers with easy access to a Skype user’s IP address.

The chink in the chat program’s armor was uncovered by researchers from Europe and the United States, who found a way to see which files Skype users are downloading on BitTorrent. Once a Skype user has been tied to a particular download, it’s a quick and easy step to accessing publicly available data from the BitTorrent DHT network.

On said network, many users share full contact details, including their full name, city and country. In their paper, titled “I Know Where You are and What You are Sharing,” researchers stated this could lead to blackmail, stalking, scamming, or fraud.

The flaw can reportedly be exploited without the user’s knowledge, and can be executed on a massive scale. The reserch team demonstrated this by scheduling hourly calls to tens of thousands of Skype users.

But perhaps the most worrying factor of this story is Skype’s apparent indifference. Not only has no fix materialized, but researcher Stevens Le Blond told TorrentFreak:

“We contacted Skype almost one year ago but the attack is still effective.”

Keith Ross of the Polytechnic Institute of New York University added:

“We believe this could be used by various people to stalk, blackmail, or defraud Internet users in general and P2P filesharing users in particular. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”

Incidentally, you’ve got to love Fox’s angle on this, which dresses the flaw up as a terrorist catastrophe waiting to happen. Because you must never stop being afraid.