Detecting Skype security holes that can leak user IP addresses

Before the COVID-19 pandemic appeared and somewhat disturbed the market of interactive online services, Microsoft’s Skype was one of the dominant solutions in the field of video applications in particular and VoIP calls in general. all around the world. The pandemic appeared and the demand for online interaction exploded, leading to the introduction of a series of new services that made Microsoft’s platform gradually lose its position. Of course, Skype still has a significant user base, with millions of accounts online every day. But a recently discovered security incident may frustrate loyal fans of the service.

Accordingly, a serious vulnerability was recently discovered in Skype that is capable of exposing users’ IPs. Successful exploitation of the vulnerability allowed the hacker to obtain the IP address as well as the approximate geographical location of the target. The alarming aspect is that this breach can be accomplished with a simple link sent via the Skype mobile app. Notably, the recipient doesn’t even need to interact with the link – just opening the message is enough for an attacker to obtain an IP address. The only “good news” is that this issue only occurs with the mobile app, not affecting the desktop Skype app at all.

holder Detecting Skype security holes that can leak user IP addresses

An independent security researcher named Yossi was the first to bring this vulnerability to light and report it to Microsoft. And to our surprise, Microsoft initially downplayed the issue when it received the report, arguing that the IP address disclosure was not fundamentally a critical security hole that needed to be fixed. right away.

READ:  Vietnam signs cross-border payment agreement, users will be paid in VND in 5 Southeast Asian countries

After many protests from the user community, as well as security experts and the media, Microsoft seems to have emphasized that exposing IP addresses can lead to privacy violations, potential abuse in personal relationships and even more invasive types of cyberattacks – something the company has always tried to avoid. Microsoft has finally acknowledged the seriousness of the situation and committed to addressing the vulnerability in an upcoming patch.

As of now, the problem has not been fixed. It is only a matter of time before Microsoft releases a fix patch. However, based on the company’s initial response, experts say that this vulnerability is unlikely to have really received a high priority. So for now, if you’re using Skype from your smartphone, consider adding a VPN to protect yourself while you wait for an official solution from Microsoft.