A new Skype hack has been discovered and can be utilized by using a copy of SkypeKit that reveals a user’s external and internal IP addresses. The script showcasing the hack has been uploaded to GitHub, and its creator made a proof-of-concept website, reports Jamie Keene for The Verge.
The altered version of SkypeKit allows the hack to bypass the certificate authentication that is normally used when Skype verifies the app.
Using SkypeKit, one can simply type in their target’s username, type in a CAPTCHA code, and an IP address pops up almost immediately.
With the information provided by the hack, a hacker would be able to pinpoint the exact location of a computer, and also leave them open to a denial of service attack.
A Skype spokesperson said in a statement that the company is investigating the reports that are surfacing.
“We are investigating reports of a new tool that allegedly captures a Skype user’s last known IP address,” the spokesperson said in an emailed statement to ghacks.net. “This is an ongoing, industry-wide issue faced by all peer-to-peer software companies.
Skype uses a peer-to-peer system to route its data traffic, but its encryption system is proprietary, which has prompted caution from security experts. “We are committed to the safety and security of our customers and we are taking measures to help protect them,” Skype said.
To prevent broadcasting your IP addresses use a virtual private network (VPN) so data appears to come from a different country. A user could also use The Onion Router (TOR), which shows an inaccurate IP address when browsing the Internet, anonymizing the service to make it difficult to track the actual IP address.
This is not the first time Skype has acknowledge an issue involving its users IP addresses. A research paper published back in October last year showed how the IP address could be resolved, and linked to BitTorrent usage.