Intersections’ Consumer Security Adviser Neal O’Farrell shares some security insights into the popular Internet phone service,Skype. Let the caller beware!
If, like me, you're one of the millions of people who use Skype to make phone and video calls, you might want to be aware of some serious security issues that are emerging.
Researchers at universities in New York, France, and Germany plan to publish a paper called "I Know Where You Are and What You Are Sharing,” at a major internet conference in Berlin next month. The paper promises to outline what many experts believe are major flaws in Skype that could be downright creepy.
The authors claim that the privacy weaknesses they are found are so easy to exploit, a sophisticated high school-age hacker would likely be capable of executing similar attacks.
Here's just an example of some of those risks:
- When person A calls person B using VoIP, person A is able to determine person B's IP address, and perhaps even their location and the name of their ISP.
- Attackers can get this information by calling a person and hanging up quickly so the recipient of the call will never even know — there's no ringing or pop-up window.
- An attacker can make some of these attacks even when they're not on the other user's contact list and even when they've been blocked from that user's list.
- By repeating some of the attacks on an hourly basis, the attacker can track the locations and movements of any Skype user over weeks or even months, without the user having any idea that he or she is being tracked.
- Marketers can easily link to information such as name, age, address, profession and employer from social media sites such as Facebook and LinkedIn in order to inexpensively build profiles on a single tracked target or a database of hundreds of thousands.
In one demonstration, the researchers tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and were able to construct a detailed account of a user's daily activities even if the user had not turned on Skype for 72 hours.
According to their press release "In one example, they accurately tracked one volunteer researcher from his visit at a New York university to a vacation in Chicago, a return to a New York university, lodging in Brooklyn, then to his home in France. 'If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when.'"
The researchers also calculated that it would cost a marketing company just $500 per week to create a database capable of tracking 10,000 Skype users.
Why target Skype? The very same reason hackers have relentlessly targeted Facebook and other social networking sites - because it's where the crowds are. Skype has more than 500 million registered users and around 170 million active monthly users who use it to make phone and video calls, send text messages, and even use it for corporate video conferencing.
And apparently it's not just Skype that's vulnerable but many other VOIP services. The authors of the report claim that "These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services. A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user — from private citizens to celebrities and politicians — and use the information for purposes of stalking, blackmail or fraud."
Keep informed about the latest threats to your safety.