In association with heise online

30 April 2012, 16:53

Skype divulges user IP addresses - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Skype logo According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer.

With a certain registry key, the manipulated version of Skype will create a log file with information including other users' external and internal IP addresses. These IPs can be retrieved simply by opening up a user's profile with the Skype client. In a test conducted by The H's associates at heise Security, the log file always showed the correct IPs – and when a user was logged in with multiple clients, the IP addresses for all the clients were visible.

Zoom The web service reliably finds out Skype users' IP addresses
Shortly after this was discovered, a hacker known as "Zhovner" put together the web service. After a CAPTCHA has been submitted, the service can be used to find out IPs even without the special Skype client, and therefore without having to use a valid Skype account.

The service uses a modified version of Skype's SkypeKit SDK that is currently only available via BitTorrent, and Zhovner has put the necessary Python scripts on GitHub. In a post on Hacker News, Zhovner says that Skype has already banned his account, likely because of his experiments.

Update 03-05-12: According to Sophos, Skype, now owned by Microsoft, has known about the IP address security flaw since November 2010, when it was first disclosed to the company by researchers from the French Inria institute and the Polytechnic Institute of New York University.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit