If you use Skype, beware that a modified version of Skype VoIP can be used to find the IP address of any Skype users. With this info, a hacker could also find out personal details about the user such as their location or even their employer, according to a blog post.
All it takes is a modified registry key for the manipulation of Skype to create a log file with info that includes the users’ external and internal IP addresses. Opening the users profile with the Skype client is all it takes to find this info. In a test, conducted at heise Security, the log file always showed the correct IP, even with multiple clients. The IP addresses for all the clients were visible.
A hacker known as "Zhovner" put together the skype-IP-finder.tk web service. After a CAPTCHA has been submitted, the service can be used to find out IPs even without the special Skype client, and therefore without having to use a valid Skype account.
Using a modified version of Skype's SkypeKit SDK, that is currently only available via BitTorrent, the hacker has put the necessary Python scripts on GitHub. In a post on Hacker News, Zhovner says that Skype has already banned his account, likely because of his experiments.
No comments:
Post a Comment