Skype Beta Plugs IP Resolver Privacy Leak

A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only.

A new privacy feature in Skype Beta 6.5 for Windows and Mac 6.4

A new privacy feature in Skype Beta 6.5 for Windows and Mac 6.4

As I wrote on March 21, 2013,  number of services have emerged to help snoops and ne’er-do-wells exploit this vulnerability to track and harass others online. For example, an online search for “skype resolver” returns dozens of results that point to services (of variable reliability) that allow users to look up the Internet address of any Skype user, just by supplying the target’s Skype account name.

The resolvers can look up the IP address of any Skype user — whether or not that user is in your contacts list or even online at the time of the lookup. What’s more, resolver services frequently are offered in tandem with “booter” or “stresser” services, essentially sites that will launch denial-of-service attacks against a target of your choosing.

Apparently in response to this problem, Microsoft has added a new option to its Skype 6.5 Beta, released April 30, that allows users to allow direct connections to your contacts only. The information tab on this option, found under Skype->Options->Connection, says “When you call someone who isn’t a contact, we’ll keep your IP address hidden.”

I pinged Microsoft for an answer as to whether this feature was designed to plug the privacy leak exposed by resolver services. The company declined to say specifically what it may have changed about the Skype network and/or its software to address this problem, but it attributed the following emailed statement to a “Skype spokesperson;”

“Skype for Windows Beta 6.5 and Mac 6.4 now offer the option to prevent people not on your contact list from viewing your IP address. With this beta program, only your contacts will be able to access this information. We are allowing users to test this new security function and welcome any feedback as we continue to improve the communication experiences on Skype.”

I tested this beta version of Skype against a free Skype resolver service that has been reliable in the past at looking up IP addresses tied to specific Skype accounts. When I ran it against my everyday account using and older version of Skype, it successfully found my home IP. When I created a new Skype account with the Skype 6.5 beta on a separate machine, enabled the privacy feature and then tried the lookup again, it failed to locate my IP.

I should note that some Skype resolvers will cache previous lookups. That means if your Skype username has previously been looked up at a Skype resolver service, that service may show the correct IP for your Skype username if your IP address hasn’t changed since the last lookup.

Оставьте комментарий