 |
Researchers at the Polytechnic Institute of New York University initiated video calls to 10,000 randomly selected Skype users and discovered that even when a recipient does not accept the incoming call, the user’s Internet Protocol, or IP, address can still be vulnerable to theft.
Armed with an IP address, hackers can uncover specific information about victims, including who they chat with, what they download while online, and in many cases, their zip-code specific location.
For example, the researchers were able to track one Skype user through three different cities during the experiment. The ability to keep tabs on a user may be an immediate nuisance, but the larger implications are alarming. Criminals, terrorists, and hackers may use the security flaw to glean locations of government officials, corporate leaders, politicians, and celebrities.
Computer science professor and study researcher Keith Ross told the New York Post, “Any sophisticated high school or college hacker could easily do this,” and emphasized that “the findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services.”
Skype, now owned by Microsoft, boasts 171 million registered users around the world, who may wonder how such a major security flaw escaped notice.
Several sources reported Skype was notified of the IP security gap at least a year ago, and the latest flaw isn’t the first. The company experienced a security glitch with its Android mobile phone app least year that exposed users’ cell phone numbers, profiles, chat logs, and more.
Skype Tuesday said it will address the issue. “We value the privacy of our users and are committed to making our products as secure as possible,” said Adrian Asher, chief information security officer for Skype. “Just as with typical Internet communications software, Skype users who are connected may be able to determine each other’s IP address. Through research and development, we will continue to make advances in this area and improvements to our software.”
Skype’s reputation and bottom line may take a hit if users don’t feel safe using the service, and with no specific time frame for a solution, the company may see a decline in video calling, which may fuel advertising and investor concerns. As a Microsoft acquisition, Skype is set to be deeply integrated into Windows software in the future, and considering Windows’ widespread usage, the company may have to shore up security fast in order to escape larger security concerns.
In the meantime, Professor Ross advises Skype users to keep the service turned off unless they are expecting a call, and not to use their real names as their Skype user names.
No comments:
Post a Comment
Thank you for your Commenting...