Pinterest Stumbleupon Whatsapp

According to security researchers, Skype contains a flaw that makes it possible for a clever hacker to track and spy on Skype users, particularly those who use the mobile app. It’s not social engineering, nor is it an infiltration of the service itself, but rather a bit of ingenuity.

When a call is made from one Skype user to another, certain packets are sent to start the call. If the right packets are blocked by the caller, then the recipient’s end of the call can be slightly delayed, and the call disconnected before any notification appears. The caller, however, will have obtained return packets containing the recipient’s IP address.

An IP address in itself can be bad news when it ends up in the wrong hands, but the flaw is deeper still. It’s possible to geolocate an IP address, and if a user has a mobile device with a data connection and Skype installed, a hacker could make numerous terminated calls to roughly work out the user’s movements.

Researchers also found that this method could be used to expose people using BitTorrent. Once an IP address was obtained through Skype, it could be compared to BitTorrent users in an attempt to find a match. The methods used were not targeted (out of 50,000 users, only 400 were matched with a Skype account) but does open the possibility of random blackmail by hackers or investigation by law enforcement.

How do you stop this threat? Your options are limited. Firewalls do not help unless you block Skype entirely. Blocking unknown contacts doesn’t work, either – the initial packets are still sent. It’s really up to Skype to fix this issue by changing their code. In the meantime, if you love to fileshare and you also use Skype, maybe you should stop one of those two activities.


Source: FuturityScribed

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. kurapix
    October 31, 2011 at 9:14 am

    I do not see what is so special about this ... it is not a hack really ...

    Skype work in P2P so there really is no surprise about being able to get the IP of a person with some sniffing.

    Basically, when a user connect to Skype, it first authenticate to a server owned by the company.
    Then when the user try to call another user, the server transmit to their respective Skype software what ports they are using (for punching a hole).
    The clients now connect together through those ports.

    That is why it works even behind a firewall or a NAT, thanks to hole punching.

    By the way, if you have a properly configured your firewall, you should not be worried about getting hacked by a remote exploit used by a malicious hacker.
    And you should be cautious about what you are clicking on.
    Applying those simple rules will help you hinder 95% of the actual existing threats.

    • Jeff Fabish
      October 31, 2011 at 11:28 am

      Hi Purapix,

      I actually did not know that Skype was P2P.

      However, I do know that since this attack uses a man in the middle approach, a firewall will not be sufficient. To my knowledge, you're extremely limited in prevention of MITM attacks, encryption being the only viable option. Encryption doesn't even stop it from being sniffed, just viewed. In fact, the issue here is that the packets aren't forwarded after being sniffed, preventing the user from knowing he or she was even receiving a call. 

      • M.S. Smith
        October 31, 2011 at 5:39 pm

        Thanks Jeff, that's about how I would reply, but you put it better than I could.

  2. Jeff Fabish
    October 24, 2011 at 11:58 pm

    It seems a bit strange that a connection would be established without a handshake, whereby all parties are notified of the connection. Modern firewalls are able to block both gratuitous and incomplete requests, but since I assume Skype uses UDP for pretty much everything, that's not much help.

    You can always launch Wireshark and monitor port 443 for TCP Triggers (filter: 'Skype'), since Skype uses a 80 for outbound traffic and one random port for application data, 443 will have to be poked. This will only work if you're not browsing a website with SSL enabled (443) and you're not running a web server (on 80) or else you'll see a bunch of false positives. After initial login, application data should only be transfered on 443 for a new Skype connection (calling inbound/outbound/messaging).

    If it's only Skype (as an application) that's effected, you should be able to get away with using an alternative messenger that supports Skype.

    • M.S. Smith
      October 25, 2011 at 1:51 am

      I'm not sure an alternative messenger would work. Presumably they still use Skype's code in order to be compatible with Skype. But I am not a programmer - I'd be interested to hear the thoughts of anyone more familiar with the nitty-gritty of it.