According to security researchers, Skype contains a flaw that makes it possible for a clever hacker to track and spy on Skype users, particularly those who use the mobile app. It’s not social engineering, nor is it an infiltration of the service itself, but rather a bit of ingenuity.
When a call is made from one Skype user to another, certain packets are sent to start the call. If the right packets are blocked by the caller, then the recipient’s end of the call can be slightly delayed, and the call disconnected before any notification appears. The caller, however, will have obtained return packets containing the recipient’s IP address.
An IP address in itself can be bad news when it ends up in the wrong hands, but the flaw is deeper still. It’s possible to geolocate an IP address, and if a user has a mobile device with a data connection and Skype installed, a hacker could make numerous terminated calls to roughly work out the user’s movements.
Researchers also found that this method could be used to expose people using BitTorrent. Once an IP address was obtained through Skype, it could be compared to BitTorrent users in an attempt to find a match. The methods used were not targeted (out of 50,000 users, only 400 were matched with a Skype account), but they do open the possibility of random blackmail by hackers or investigation by law enforcement.
How do you stop this threat? Your options are limited. Firewalls do not help unless you block Skype entirely. Blocking unknown contacts doesn’t work, either – the initial packets are still sent. It’s really up to Skype to fix this issue by changing their code. In the meantime, if you love to fileshare and you also use Skype, maybe you should stop one of those two activities.