Skype security flaw, IP addresses and torrent activity traced

by Steven Williamson on 26 October 2011, 11:20

Tags: Skype


Researchers at New York City University have uncovered a security flaw in Skype that allows hackers to track users’ locations and view peer-to-peer file sharing activity.

The problem isn’t limited to the Skype service either; it also affects other VoIP applications.

"These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services," says Keith Ross of the Polytechnic Institute of New York University, referring mainly to the half-billion registered members of Skype’s online voice and video service and millions of torrent site users worldwide.

"A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user - from private citizens to celebrities and politicians - and use the information for purposes of stalking, blackmail or fraud."

Skype security under scrutiny


In his findings, Ross refers to the ability of hackers to obtain IP addresses from VoIP services, which can then allow them to pinpoint locations with commercial software. During the investigation, researchers were able to build up a detailed account of a user’s daily activities, finding out the specific movements of a volunteer who used Skype to talk about his holiday and visit to friends.

"If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when," said Ross.

The University professors believe that the security implications could be vast.

“For example, an attacker could get all the Skype IDs for all the politicians in Canada and the U.S., then launch an attack, get their location and, if anyone is in a suspicious location, you could blackmail someone,” warned Ross.

“It’s bad if you’re concerned about your privacy. A parent could track their children, or a spouse could track the location of his or her spouse. An employer could track all his employees.”

Other research, which involved 10,000 anonymous Skype users and 20 volunteers, allowed the University to match up IP addresses from Skype and BitTorrent to work out which files users were sharing and downloading.

Skype’s chief information security officer Adrian Asher has been quick to respond to the University’s experiment, assuring customers that it is working on security improvements.

“We value the privacy of our users and are committed to making our products as secure as possible,” reads a statement from the company.

“Just as with typical Internet communications software, Skype users who are connected may be able to determine each other’s IP addresses. Through research and development, we will continue to make advances in this area and improvements to our software.”

The NYC University professors believe that it’s a problem which can easily be fixed by redesigning the Skype protocol. The full findings of the report, entitled "I Know Where You Are And What You Are Sharing", are set to be revealed next week at a computer conference in Berlin, Germany.


HEXUS Forums :: 2 Comments

People can get your IP from anywhere, forum mods here can get our IPs, people will send emails with links to hosted images, they can get your IP, the list is endless. Your public IP is just that, public, that is the point of it.

Mobile phone tracking is the real worry in my eyes.
Jay
Mobile phone tracking is the real worry in my eyes.

Yup, all these people that have phones that you can't take the battery out of and have GPS are prime targets, always power going to the phone means it can always be tracked unless it's drained totally.