Skype Vulnerability Threatens Illegal File-Sharers

When people want to talk with their friends or business associates through the Internet, they usually use Skype, which offers a lot of solutions to meet the demands of hundreds of millions users. However, the suspicion is that IP address and personal data can be monitored when you use Skype.


According to the recent study, an IP address of any Skype user can be tracked down and associated with any unauthorized P2P activities this IP (and, accordingly, the person behind it) may be committing. The researchers that carried out the study revealed that they can identify the person behind the IP address by using the data published by Skype users in their directory, like name, address, and birth date. This could be done due to a major vulnerability in the company’s privacy system.

Nevertheless, the researchers claimed that using this method you are likely to identify only the computer, but not the user, perhaps because not everyone provides their real information, let alone proxies and other means to keep the identity hidden. Despite the fact that Skype was notified about the problem back in May, when it was acquired by Microsoft, they didn’t solve the issue.

Indeed, just as with common Internet communications applications, Skype users connected to each other are able to track down others’ IP addresses. Although you only need to push a button to make a call through Skype, behind this technology there is an entire network of P2P routing systems supposed to keep your identity protected. Now, it seems that the system ensuring that your address is anonymous-proof failed, and so the other users are now able to track sent packets and thus learn IP addresses.

The researchers created a Skype tracker which selected 100,000 identified users, and a software application that could collect BitTorrent file identifiers, i.e. a BitTorrent crawler to gather IP addresses on the network plus a verifier to match a Skype user with a BitTorrent user. However, even if a Skype user and a BitTorrent user share the same IP, it isn’t a complete proof of violation. But the developed system appeared to be quite efficient to identify around 52% of the verified users. The results showed that only 400 out of 100,000 Skype users were surely using BitTorrent application. Meanwhile, only 2 users filled their first names and just one risked to put in his real home address.