James Delahunty
10 Dec 2011 9:06
Flaws in Skype expose users.
The NYU-Poly website is reporting on an issue with how Skype calling works that can allow an attacker to retrieve the IP address of another user easily. Of course, callers using VoIP systems can obtain the IP address of another user when establishing a call with that person, but there are problems with how easily this can be done using Skype and any other user.
A malicious user could, for example, initiate a Skype call, block some packets and then quickly terminate the call. In that case, they could obtain the IP address of the target user with alerting them with any pop-up window or ringing sound.
To make it worse, the user does not have to be on a contact list, and the trick works even when a user has configured Skype to block calls from non-contacts. These days, IP addresses can be fed to a number of commercial geo-IP mapping services to determine location information, in cases.