Before the COVID-19 pandemic raged on, Microsoft’s Skype was the reigning solution for video calls and, in general, VoIP calling for a lot of people. It still enjoys a considerable userbase, with millions of users chatting through it every single day. However, a new security issue can potentially affect you if you’re a Skype user. The worst part? Microsoft doesn’t seem too concerned about it.
A critical vulnerability has been uncovered in Skype which potentially exposes users’ IP addresses to attackers. The exploit allows hackers to acquire a target’s IP address, and in the process, divulge their approximate geographical location. The alarming aspect is that this breach can be executed through a simple link sent via the Skype mobile app. Remarkably, the recipient didn’t even have to interact with the link — merely opening the message is sufficient for the attacker to retrieve the IP address. It should be noted that the issue is exclusive to the mobile app, not the desktop Skype applications.
An independent security researcher called Yossi brought this vulnerability to light and reported it to Microsoft. And surprisingly, Microsoft initially downplayed the significance of the issue when it was first reported, stating that the disclosure of an IP address isn’t, by itself, a security vulnerability requiring immediate action. It was then seemingly highlighted to the company that the exposure of IP addresses can lead to privacy breaches, potential abuse in personal relationships, and even more types of invasive cyberattacks — to which Microsoft apparently wouldn’t budge. Upon external pressure from media outlets, Microsoft finally acknowledged how severe of a situation this was, and committed to addressing the vulnerability in an upcoming patch.
As of the time we’re writing this, the issue is yet to be patched, and it can seemingly still be replicated. However, Microsoft will probably be releasing a patch for this very soon. Given the company’s initial response, though, we’re not sure how high this is on its list of priorities, and we are not really sure when to expect a fix. So for now, if you’re using Skype from your smartphone, consider using a VPN.
Source: 404 Media