Microsoft has released an updated version of its popular Skype Voice-over-IP (VoIP) application that now hides users’ IP addresses by default.
The ability to hide IP addresses was added to Skype recently, and the company has decided to enable it by default in the latest version of the communications app. This privacy enhancement will be available for both desktop and mobile users, Microsoft revealed in a blog post.
The issue with Skype revealing users’ IP addresses was discovered in November 2010, when researchers from French research institute Inria and the Polytechnic Institute of New York University informed Skype of the matter. In October 2011, the researchers published their findings on this security flaw and revealed that it allowed them to track thousands of users for several weeks.
In May 2012, Skype, which had become part of Microsoft in the meantime, was still looking into the matter, claiming at the time that it was investigating a “new tool” that could be used to capture user IP addresses. However, the company needed roughly four more years to include a fix for this bug in the VoIP service and to deliver it to its users.
The vulnerability made it possible for anyone to find the IP address of a Skype user, as long as they knew the username. Online tools called Skype resolvers were created to locate the IP address of Skype users by circumventing their settings, and guides on how people without advanced computer knowledge could do so also appeared (and are still available) on the Internet.
The implications of this security flaw extend beyond simple user privacy and affect consumers and business users alike. By obtaining the IP address of a Skype user, hackers can then easily find their physical location and can target the person directly, not only their online persona.
By obtaining the IP address of a business user, hackers can then try to breach the system and steal sensitive information, and could even use it as their entry point to compromise an entire corporate network.
From Microsoft’s point of view, gamers will benefit the most from the updated Skype functionality, as it will be more difficult for attackers to target their systems without knowing their IP address. Online gaming has become an important source of revenue for cybercriminals, and reducing the attack surface should keep the community safe.
“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users. This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address. You can find this update in the latest versions of Skype on desktop and mobile devices,” Microsoft notes.