A security researcher has discovered a skype flaw that enables hackers to grab IP addresses. Alarmingly, it does not matter where the IP address leads to. The vulnerability exposes a person’s IP address even if the link shared on Skype is google.com.
In addition, using a virtual private network (VPN) does not protect users from the skype flaw. Ordinarily, the use of a VPN is with the intention to mask one’s location.
However, according to Yossi, the security researcher, hackers are able to grab a targets IP address. Once they do so , hackers can reveal a target’s physical location.
404 Media interviewed Yossi who pinpointed a reporter’s physical location. This was after the reporter opened google.com on skype. For proof, they tried it again with the link 404media.co and still got the same result.
Notably, the issue only applies to Skype’s mobile apps (iOS and Android). The flaw was not detected on the desktop application.
Microsoft not Reactive to Skype Flaw
After discovering the Skype flaw, Yossi, reported the issue to Microsoft earlier this month. Unfortunately, Microsoft responded to the researcher but not as expected. Microsoft stated that the issue does not require immediate servicing. The tech giant did not issue any direction on whether they are keen to work on a fix.
After follow up by 404media, Microsoft stated they will release an update that will patch the flaw. However, there is no timeline for when to expect the update. For users, this means they still remain at risk to hackers.
The Skype flaw exposing physical location puts all kinds of users at risk. In a world where journalist and activists are abducted, this is a serious concern. Only this year, Microsoft was in trouble after US government emails were hacked through Microsoft Azure.
Skype is is a popular service for text and video call among its users. In contrast, WhatsApp has recently released an update that will further protect users IP addresses and hide user locations.