Flaw in Skype Allows for Secret Tracking of User’s Location

by Mike Mintz on May 29, 2012 · 1 comment

in Legal Technology,martindale.com

In November 2010, Skype became aware of a security flaw in its system which allows someone to surreptitiously track the location of its customers—and it has done absolutely nothing about it.   Skype is now owned by Microsoft.  This is an especially troubling problem for businesses that use the Skype platform.  In 2011, approximately 37% of its 663 million members used Skype for business purposes.  That amounts to over 245 million Skype users.  The Skype platform is becoming increasingly popular with businesses, although given this latest news, companies will be more reluctant to allow its employees to use Skype.

Researchers were able to secretly track the location of 10,000 Skype users for two weeks without being detected.  Recently, the same researchers re-tested their research and discovered they were still able to track users’ locations. Skype had not done a single thing to fix the defect.

Skype only indicated that it was looking into the issue.  According to the researchers, Skype is making it sound as if it just found out about the problem.  Therefore, Skype feels that it has quite a bit of time to respond to the issue when in fact, Skype knew about the problem for a while.

The flaw allows hackers to track the customers’ IP addresses. The researchers did so without the users’ knowledge by masking extremely short calls. These calls did not result in a pop-up window appearing on the users’ devices which usually identify the caller and any call histories associated with that caller.  Consequently, the users were not even aware that someone had called them, and the users did not have to answer the call to be identified to the trackers.

Once the call was made, the researchers were able to obtain the users’ IP addresses from information automatically routed to the trackers.  The IP addresses allowed the researchers to track the users within approximately 700 yards.  The researchers would then repeat this process every hour in order to track the users’ movements.  According to the researchers, the same trick could be used to track users who use Skype on their smart phones, although it is not as accurate.

The flaw could allow for all sorts of crimes and transgressions to be perpetrated against companies, including acts by rivals wanting to track the movements of individuals within a specific company as they travel on business. In this way one can learn the company’s business strategy.  It can also be used to hack into a users’ computer, something that is more of an issue now with the rise of cybercrime in the United States.

Several people have surmised that Skype is taking its time dealing with the issue because the flaw might be deeply embedded in its system and require a complete system overhaul to fix, something it would obviously be reluctant to do.

{ 1 comment… read it below or add one }

Boodaddy wrote onMay 30, 2012 at 4:40 pm

Homeland Security and the DOJ… enjoys unbridled access to system flaws just like this that are result of passive “engineering” by service providers accommodating government snooping. Clearly, its not an inequity when the customer is inconvenienced…so one should submit reasonable request for investigation to the US Congress and to the FCC and the Federal Trade Commission. This unresolved issue remains a violation of law and can be successfully litigated to secure relief for damages. DON’T let them get away with it, or they will expand the envelope to include groping your underwear for family jewels…

Reply

Add a Comment






Asterisks (*) indicate required fields.

Use of and participation in this website are subject to Terms & Conditions