Newly found Skype exploit can reveal user's IP address [Update]

If you are using Skype, you might want to be aware of a newly discovered exploit that could be used by other Skype users to discover your remote and local IP addresses. A post on the skype-open-source  blog site (via News.com) reveals the details of this exploit.

The process is unfortunately pretty simple. First, a person can download a hacked version of SkypeKit and then change a few registry keys. Then all that person has to do is try to add a new Skype contact name in the program. The IP addressees are revealed when you click on a Skype user's information card. You don't even have to send a contact confirmation notice to that user, which means he or she will be unaware that you are viewing their IP addresses.

This method could be used to find out a Skype user's country and city, along which ISP he or she is using. It could also be used by hackers to go after a particular PC.  However, it only seems to work if a Skype user is online at the time. We have  contacted Skype for comment on this exploit and if they have plans to fix it.

Update - Microsoft sent over a statement from Adrian Asher, director of product security for Skype.

We are investigating reports of a new tool that captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.

Report a problem with article
Previous Story

Angry Birds Space gets 50 million downloads in 35 days

Next Story

Windows 8 Metro inspired MySites for Chrome released

9 Comments - Add comment