Skype slammed for not fixing security hole that could give away users' locations

Last Updated: Friday, May 4, 2012 - 18:52

London: Researchers have accused Skype of allowing a privacy vulnerability, which potentially let people know the location of a caller, to stay in its software for more than a year.

Skype learned more than a year ago about a privacy vulnerability that would allow someone to identify the IP address and the geographic location of a user, but left it unfixed, according to researchers who say they notified the company in 2010.

Researcher Stevens Le Blond, at the Max Planck Institute for Software Systems, said he and other researchers at the Polytechnic Institute of New York University told Skype in November 2010 about the issue.

They say they had been able to track the city-level location of 10,000 Skype users for two weeks, the Daily Mail reported.

Although the researchers published their work in October 2011, the vulnerability remains unfixed.

The researchers only discovered the vulnerability was still open when a programmer posted a script online showing how Skype could be exploited.

Skype said it was 'investigating reports'.

But Le Blond criticised the statement, telling the CIO Journal: “By calling it a 'new tool' it means they don't have to respond as urgently. It makes it seem like they just found out.”

The team said they could disguise calls to Skype users and prevent pop-up notifications and call-history entries from appearing.

The victims did not know they had been called and did not even need to answer the phone.

Keith Ross, one of the researchers who notified Skype in 2010, told the CIO Journal that Skype may be struggling to fix the problem because it may be 'deeply embedded in the code' and need 'heavy restructuring' to fix.

ANI



