Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Finally Hides IP Addresses by Default in Skype

Microsoft has released an updated version of its popular Skype Voice-over-IP (VoIP) application that now hides users’ IP addresses by default.

Microsoft has released an updated version of its popular Skype Voice-over-IP (VoIP) application that now hides users’ IP addresses by default.

The ability to hide IP addresses was added to Skype recently, and the company has decided to enable it by default in the latest version of the communications app. This privacy enhancement will be available for both desktop and mobile users, Microsoft revealed in a blog post.

The issue with Skype revealing users’ IP addresses was discovered in November 2010, when researchers from French research institute Inria and the Polytechnic Institute of New York University informed Skype on the matter. In October 2011, the researchers published their findings on this security flaw and revealed that it allowed them to track thousands of users for several weeks.

In May 2012, Skype, which became part of Microsoft in the meantime, was still looking into the matter, claiming at the time that it was investigating a “new tool” that could be used to capture user IP addresses. However, the company needed roughly four more years to include a fix for this bug in the VoIP service and to deliver it to its users.

The vulnerability made it possible for anyone to find the IP address of a Skype user, as long as they knew the username. Online tools called Skype resolvers were created to locate the IP address of Skype users by circumventing their settings, and guides on how people without advanced computer knowledge could do so also appeared (and are still available) on the Internet.

The implications of this security flaw extend beyond simple user privacy and affect consumers and business users alike. By obtaining the IP address of a Skype user, hackers can then easily find their physical location and can target the person directly, not only their online persona.

By obtaining the IP address of a business user, hackers can then try to breach the system and steal sensitive information, and could even use it as their entry point to compromise an entire corporate network.

From Microsoft’s point of view, gamers will be those to benefit from the updated Skype functionality the most, as it would be more difficult for attackers to target their systems without knowing their IP address. Online gaming has become an important source of revenue for cybercriminals, and reducing attack surface should keep the community safe.

Advertisement. Scroll to continue reading.

“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users. This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address. You can find this update in the latest versions of Skype on desktop and mobile devices,” Microsoft notes.

Related: Microsoft Patches Windows Vulnerability Exploited in the Wild

Related: Microsoft Fixes Critical Vulnerabilities in Windows, IE, Edge

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.