SKYPE Privacy Flaw: What Happened?

Sunday, May 20, 2012

Theresa Payton

D13f77e036666dbd8f93bf5895f47703

We talk to you every week about ways to protect your privacy, but sometimes online services providers just don’t seem to care.

We recently learned that Skype has known about a security bug that shows your IP address, which can let someone track you and your account down to the city level.

How long have they known about it?  According to one group - for 18 months!  

What we know so far is that with this hole, someone can see your information and pull the city, country, internet provider and IP address connected to you.  

That’s just shy of your GPS coordinates and downright creepy!  Luckily, cyber expert Theresa Payton found out about this issue and she has some pointers for us.

WHAT WE KNOW:

1.  A research team from Inria in France and the Polytechnic Institute of New York University tested Skype in November 2010 and found they could track users down to the city they lived in for two weeks.  They reported it to Skype.

2.  They tested the same issue again and the hole was still wide open.

3.  The researchers masked a call to Skype users and hid it from call histories as if they were never there.  The account never had to answer the hidden call for the team to get a packet back of information.

4.  The “hidden call” allowed the team to pull information back about the person they called.

THE ISSUE:

1.  You can track a person down to within 700 yards based on an IP address.

2.  Someone could use this to track you and your whereabouts.

3.  For businesses that use this, someone can track your employees’ whereabouts.

4.  An IP address is a handy piece to a cyber criminal’s puzzle if they want to hack into your computer or device.

WHAT YOU CAN DO:

1.  Complain to Skype, via it’s new owner, Microsoft.

2.  Use a Skype alternative such as  iChat or FaceTime, Google Voice and Video Chat, AOL chat and video, Yahoo chat and video, ooVoo, and VoxOx.

3.  Keep in mind that these services will have glitches from time to time to track warnings for the product on their site as well as checking in at WBTV.com.

WEB RESOURCES:

Apple Products for Chat and Video:

Google Products for Chat and Video:

ooVoo:

VoxOx:

AOL Chat and Video:

Yahoo Chat and Video:

Theresa is also the co-author of the new book “Protecting Your Internet Identity: Are You Naked Online?” available in bookstores, libraries, and online at Amazon, Barnes and Noble, Books A Million and Google Play.

Cross-posted from Fortalice

Possibly Related Articles:
12958
Webappsec->General
Information Security
Privacy Application Security Skype internet geo-location IP Address Tracking online safety
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.