Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Finally Hides IP Addresses by Default in Skype

Microsoft has released an updated version of its popular Skype Voice-over-IP (VoIP) application that now hides users’ IP addresses by default.

Microsoft has released an updated version of its popular Skype Voice-over-IP (VoIP) application that now hides users’ IP addresses by default.

The ability to hide IP addresses was added to Skype recently, and the company has decided to enable it by default in the latest version of the communications app. This privacy enhancement will be available for both desktop and mobile users, Microsoft revealed in a blog post.

The issue with Skype revealing users’ IP addresses was discovered in November 2010, when researchers from French research institute Inria and the Polytechnic Institute of New York University informed Skype on the matter. In October 2011, the researchers published their findings on this security flaw and revealed that it allowed them to track thousands of users for several weeks.

In May 2012, Skype, which became part of Microsoft in the meantime, was still looking into the matter, claiming at the time that it was investigating a “new tool” that could be used to capture user IP addresses. However, the company needed roughly four more years to include a fix for this bug in the VoIP service and to deliver it to its users.

The vulnerability made it possible for anyone to find the IP address of a Skype user, as long as they knew the username. Online tools called Skype resolvers were created to locate the IP address of Skype users by circumventing their settings, and guides on how people without advanced computer knowledge could do so also appeared (and are still available) on the Internet.

The implications of this security flaw extend beyond simple user privacy and affect consumers and business users alike. By obtaining the IP address of a Skype user, hackers can then easily find their physical location and can target the person directly, not only their online persona.

By obtaining the IP address of a business user, hackers can then try to breach the system and steal sensitive information, and could even use it as their entry point to compromise an entire corporate network.

From Microsoft’s point of view, gamers will be those to benefit from the updated Skype functionality the most, as it would be more difficult for attackers to target their systems without knowing their IP address. Online gaming has become an important source of revenue for cybercriminals, and reducing attack surface should keep the community safe.

“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users. This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address. You can find this update in the latest versions of Skype on desktop and mobile devices,” Microsoft notes.

Related: Microsoft Patches Windows Vulnerability Exploited in the Wild

Related: Microsoft Fixes Critical Vulnerabilities in Windows, IE, Edge

Written By

Click to comment

Expert Insights

Related Content

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...