The Tech News Blog

Skype Vulnerability Allows IP Snooping

April 30, 2012

Microsoft is reportedly looking into a vulnerability that allows a third party to determine the IP address of a member using the Skype network.

Last week, someone posted a an exploit of that vulnerability within the Skype network on Pastebin, providing details of how to download a modified or patched version of Skype 5.5 that would allow the exploit to be run.

Separately, Skype also released a small update to its iOS app that allowed the user to move his preview video window, and that the app would automatically restart if it crashed. French iOS hacker b0zon also claimed Monday morning that the Skype iOS update also automatically detects an iPhone that has been "jailbroken," but did not disclose what happened then.

According to the Pastebin instructions, the attacker could turn on the file creation for a debugging log, then "add a Skype contact" without actually sending an invitation. Viewing the virtual business card (or vCard) of a Skype user will generate the IP address of the target within the log file, according to the Pastebin instructions.

"The record will be like this for real user ip: -r195.100.213.25:31101 And like this for user internal network card ip: -l172.10.5.17" the Pastebin instructions say.

From there, the attacker can use a whois server to gain more information about the target, the Pastebin instructions concluded.

"Claudius," a community manager on the Skype forums, said that Microsoft was aware of the issue. "Hello, yes, our security experts are aware of it and looking into it already," he posted Monday morning.

Microsoft representatives did not immediately respond to requests for additional comment. Over 100 billion minutes of calls were placed on Skype during the first calendar quarter, officials said recently, representing 40 percent growth compared to the same period a year ago.

Skype became part of Microsoft in October 2011, after Microsoft paid a whopping $8.5 billion for the company. Skype recently landed on Windows Phone and the PlayStation Vita, with hints that it may soon end up on the Xbox.

Cell Phones Televisions Digital Cameras Computers Shop All Electronics