Users
of the world’s most popular Internet telephony service may be
inadvertently putting themselves at risk of having their physical
location and other personal details stolen, experts warn.
Tracking
the Skype activities of 20 volunteers and a random sample of 10,000
other users over two weeks, researchers at New York University’s
Polytechnic Institute found hackers could not only discover where each
user placed each call, but also their peer-to-peer (P2P) file-sharing
activity. Their findings were published last month and reported by security software provider Symantec Corp. on Thursday.
“A
hacker anywhere in the world could easily track the whereabouts and
file-sharing habits of a Skype user – from private citizens to
celebrities and politicians – and use the information for purposes of
stalking, blackmail or fraud,” Keith Ross, professor of computer science
at NYU-Poly, warns in a news release.
Even
if a user does not log into Skype for as much as 72 hours their
information is still accessible, the researchers said. Malicious callers
do not need to be on a users contact list to track their location and
the data can even be obtained if the user configures their Skype account
to block calls from non-contacts.
In
one example described in their findings, the researchers were able to
accurately follow one of their 20 volunteers from New York to a vacation
in Chicago, a return to a New York, lodging in Brooklyn, then home to
France.
“If
we had followed the mobility of the Facebook friends of this user as
well, we likely would have determined who he was visiting and when,” the
authors said.
In
another experiment, the researchers compared the most popular downloads
on commonly-used P2P services such as BitTorrent, eMule and Xunlei.
Once they had discovered a user’s IP address (which allows them to find a
users physical location through their Internet Service Provider or ISP)
through Skype, the researchers were able to determine which files had
been transferred to that address.
“A
fairly straightforward and inexpensive fix would prevent hackers from
taking the critical first step in this security breach – that of
obtaining users’ IP addresses through inconspicuous calling,” the
authors conclude.
Skype, which was acquired for US$8.5-billion in cash by Microsoft Corp. seven
months ago, proclaims itself as the world’s largest voice over Internet
protocol (VoIP) provider. More than 600 million people have registered
for the service since it was launched in 2003 and
Skype reportedly accounts for 20% of all overseas voice calls.
“Just
as with typical Internet communications software, Skype users who are
connected may be able to determine each other’s IP addresses,” Adrian
Asher, chief information security officer, told the Financial Post in an emailed statement.
“Through research and development, we will continue to make advances in this area and improvements to our software.”
No comments:
Post a Comment