Skype flaw can reveal users' identity, location, filesharing habits

On October 20, 2011, 6:30 PM EST

Security researchers have revealed a vulnerability that could allow an attacker to identify a person, track their location and monitor their filesharing habits. In a paper titled "I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy," the experts draw attention to real-time communication applications such as Skype.

The group discovered how to call Skype users without them realizing, allowing the caller to secretly nab someone's IP address. This is accomplished by blocking certain packets and quickly terminating the call before the recipient is alerted. It can be performed even if the victim is connected behind a NAT firewall or if they specifically block calls from non-contacts.

An IP address can be geolocated with relative precision and many users connect from mobile devices, so an attacker could perform that stealth call and track someone's rough whereabouts over any given duration. The researchers tracked one volunteer from a New York university to Chicago, back to the school and Brooklyn lodging, then to his home in France.

Once you have someone's Skype identity, it's generally not hard to find them on other social platforms such as Facebook or LinkedIn. Among other things, this could reveal more details about your location. "If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when," the authors said.

One could easily discover a victim's name, age, address, profession, employer and more. The researchers specifically noted that this could be abused by marketers to create an inexpensive profile database on targets. They estimated that it would cost a marketer $500 a week or less to track 10,000 users -- but the flaw has deeper implications than that.

In an experiment, the researchers scanned the top 50,000 BitTorrent files and linked 400 Skype users to downloads. Again, Skype users often share their full contact details, including their name and location. We doubt this information would (could?) be used by copyright regulators in court, but plenty of unsavory individuals would surely take advantage.

"We believe this could be used by various people to stalk, blackmail, or defraud Internet users in general and P2P filesharing users in particular," said Keith Ross of the Polytechnic Institute of NYU. "These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services."

"A hacker anywhere in the world could easily track the whereabouts and filesharing habits of a Skype user -- from private citizens to celebrities and politicians." The researchers notified Skype about the issue nearly a year ago but it hasn't been resolved. They plan to present their paper at the Internet Measurement Conference 2011 in Berlin on November 2.

User Comments (10)

Guest
on October 20, 2011
8:29 PM

Skype has always had these sorts of issues, hopefully Microsoft, or whichever company bought it will fix it.


spydercanopus
on October 20, 2011
9:34 PM

How about the adware behavior in the last couple months where Skype will open a webpage within your browser with specials every time you reboot?


Guest
on October 21, 2011
12:54 AM

just when you thought it was safe to go back on the net, you find out you have to wear a bigger thicker tin-foil hat


IvanAwfulitch
on October 21, 2011
2:11 AM

An exploit that allows people like law enforcement and government officials to track you and potentially catch you doing something illegal.

And you honestly believe that a flaw like that is unintentional.

Riiiiight....


Gars
on October 21, 2011
3:53 AM

about the Skype Home popup

I'm using KSH (KillSkypeHome) for several months

find it very useful, especially the Nuke function

on the topic,

the news is very disturbing but not surprising at all


Kibaruk
on October 21, 2011
7:00 AM

I feel violated =s


Guest
on October 21, 2011
7:24 AM

Not that surprising, though since Microsoft has bought it I'm sure that will resolve some of these issues. I don't leave Skype running all the time, only when I need to make a call. I don't use Facebook, so no need to worry there.


Guest
on October 21, 2011
8:22 AM

There is a security loophole in Skype? Yikes, don't tell everybody. That is like announcing that somebody has a bad habit of keeping their car door unlocked and keys in the ignition in the newspaper. Someone might get a "good" idea.

Keep it a secret until it is resolved.


gLitCh32
on October 21, 2011
12:01 PM

Announcing it will speed up the process because it puts pressure on them. I think that's a good thing, besides, they told Skype a year ago?? That should be plenty of time!


spydercanopus
on October 21, 2011
2:01 PM

IvanAwfulitch said:

An exploit that allows people like law enforcement and government officials to track you and potentially catch you doing something illegal.

There ALWAYS seems to be an easily accessible, but little known exploit lately. Probably part of UN Agenda 21.
