Newly found Skype exploit can reveal user's IP address [Update]

If you are using Skype, you might want to be aware of a newly discovered exploit that could be used by other Skype users to discover your remote and local IP addresses. A post on the skype-open-source  blog site (via reveals the details of this exploit.

The process is unfortunately pretty simple. First, a person can download a hacked version of SkypeKit and then change a few registry keys. Then all that person has to do is try to add a new Skype contact name in the program. The IP addressees are revealed when you click on a Skype user's information card. You don't even have to send a contact confirmation notice to that user, which means he or she will be unaware that you are viewing their IP addresses.

This method could be used to find out a Skype user's country and city, along which ISP he or she is using. It could also be used by hackers to go after a particular PC.  However, it only seems to work if a Skype user is online at the time. We have  contacted Skype for comment on this exploit and if they have plans to fix it.

Update - Microsoft sent over a statement from Adrian Asher, director of product security for Skype.

We are investigating reports of a new tool that captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.

Previous Story
Angry Birds Space gets 50 million downloads in 35 days
Next Story
Windows 8 Metro inspired MySites for Chrome released