Skype Flaw Discloses IP Addresses

A security vulnerability in Skype could allow someone to identify a targeted user's IP address, according to an exploit posted on Pastebin.

The exploit instructions, posted by an anonymous individual, provide details on how to download a modified version of Skype 5.5 that could allow an attacker to turn on the debug-log file with the addition of specially crafted registry keys. The attacker can then view a user's Vcard (file format standard used by Skype), whether or not that user appears on the attacker's friend list. The attacker would then have access to a user's IP address, city, country and specific Internet provider.

While Skype, which was purchased by Microsoft for $8.5 billion last year, hasn't confirmed whether the exploit is real, it said it is currently looking into the issue.

"We are investigating reports of a new tool that allegedly captures a Skype user's last known IP address," said a Skype representative. "This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them."

In October of last year, Skype acknowledged that it was theoretically possible to identify a user's IP address "just as with typical internet communications software," Adrian Asher, Skype's chief information security officer, told Network World. Asher said that Skype continually monitors and improves security measures to prevent these types of exploits from spreading.

In response to the new exploit, Skype has already begun blocking accounts of those using the modified client, according to Marcus Carey, security researcher for Rapid7. However, he believes that this will just cause attackers to create multiple accounts to avoid being detected and deleted.

He also said that, in the right hands, this exploit could be used in crime prevention. "This particular exploit is very beneficial to law enforcement personnel trying to gain the location of criminals who use Skype to communicate over the Internet," said Carey in an e-mailed response.


About the Author

Chris Paoli is the site producer for and

