Posted on 11th May 2012 @ 11:43 AM
Communications technology is an ever-growing field. There are many different ways to communicate on the market. One of the newest and most popular was to communicate today is through services provided by Skype and companies like it. With Skype, you are able to talk to a person through your computer an see and hear them as if they were right there in the room with you. This is truly a modern marvel of communications technology. However, with all of these latest advancements also comes a new wave of threats. Evidently, Skype has sent out a warning to all of its users about a new website that was created specifically for logging the IP addresses of all its users. This site will allow anyone to find a Skype user’s IP information simply by typing in their username.
It is a piece of online script that allows people to view the IP addresses of Skype users. This script can be uploaded to many websites, allowing several people to find your IP information with ease. With an IP address, a hacker can learn everything he needs to know about you, such as where you live and your internet service provider. This will make it much easier for him to see your online transactions, which included both personal and financial information.
For the people who use this illegal service, it is very easy to find anyone. All someone has to do is enter the username of a Skype user, fill out the security captcha, and initiate the search. The results will be almost instant, and you will receive the user’s IP address and port, as well as their local IP address.
Adrian Asher, director of product Security, Skype “We are investigating reports of a new tool that captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.”
The proof of concept is fairly simple. All an attacker needs to do is download a special Skype variant and alter a few registry keys to enable debug-log file creation. When adding a Skype contact, before sending the actual request, the victim’s information card can be viewed. At this point, the log file records the user’s IP address.
The software, posted on Pastebin, works on a patched version of Skype 5.5 and involves adding a few registry keys that allow the attacker to check the IP address of users currently online. Services like Whois will then give some other details on the city, country, internet provider and/or the internal IP-address of the target.
This particular flaw was discussed in a paper presented by an international team of researchers in November at the Internet Measurement Conference 2011 in Berlin.
There is currently no way of protecting yourself against the lookup of the IP address, other than not logging in to Skype when the software is not needed. The only other option would be the use of a virtual private network or proxy to hide the IP address from users who look it up.