Researchers uncover security flaw in Skype video chat service

A security flaw in the Skype video chat service may be putting millions of users at risk, according to a report by a group of international researchers.

Warwick AshfordWarwick Ashford is chief reporter at Computer Weekly. He joined the CW team in June 2007 and is focused on IT security, business continuity, IT law and issues relating to regulation, compliance and governance. Before joining CW, he spent four years working in various roles including technology editor for ITWeb, an IT news publisher based in Johannesburg, South Africa. In addition to news and feature writing for ITWeb’s print publications, he was involved in liaising with sponsors of specialist news areas on the ITWeb site and developing new sponsorship opportunities. He came to IT journalism after three years as a course developer and technical writer for an IT training organisation and eight years working in radio news as a writer and presenter at the South African Broadcasting Corporation (SABC).

View all articles by Warwick Ashford >> 020 8652 8505 

A security flaw in the Skype video chat service may be putting millions of users at risk, according to a report by a group of international researchers.

The research team, who tracked 10,000, randomly chosen Skype users over a two-week period, said the flaw can be used to find out the location of users.

Blackmailers could track the travels of a cheating spouse, for example, said Keith Ross, member of the research team and professor at the Polytechnic Institute of New York University (NYU-Poly).

"More alarmingly, terrorists or criminals could use the security gap to determine the locations of groups of government officials or employees of large organisation," he told The New York Post.

Skype was quick to downplay the importance of the research, according to US reports, but Ross claims that any sophisticated school or college hacker could easily discover the location of users through the IP address used to log in to the service.

But Adrian Asher, Skype's chief information security officer, claims that IP addresses are easily uncovered in most web communications clients. Like other typical internet communications software, Skype users who are connected may be able to determine each other's IP addresses, but through research and development, Skype will continue to make advances in this area and improvements to its software, he told

The researchers, who used the flaw to track one of their own team as he travelled from New York to Chicago, back to New York and then to France, said they flaw may also be a problem for other video chat services such as MSN Live, QQ and Google Talk.

Ross is to present the results of the international study at a computer security conference in Germany next week.

Read more on IT news in your industry sector

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Skype is mainly used for social and casual interactions and thats the only thing I use the same for. For business meetings, security is top priority, hence, secured tools like on premise R-HUB web conferencing servers are used. They work from behind the firewall, hence better security.