clock menu more-arrow no yes

Filed under:

Skype hack reveals your global and local IP addresses

New, 16 comments

Hackers have found an exploit in the SkypeKit API, which allows them to reveal users external and internal IP addresses without their knowledge.

Skype Logo
Skype Logo

Your Skype name can reveal more than just the information you add to your profile, after a hack that allows you to find a user's external and internal IP addresses was released. The hack uses a cracked copy of SkypeKit to begin the add contact process, which then sends the IP routing information back to the app without ever letting the targeted user know. The cracked copy of SkypeKit allows the hack to bypass the certificate authentication that is normally used by Skype to verify the app, essentially bypassing any security in the Add Contact process.

A script showcasing the hack has been uploaded to GitHub, and its creator has also made a proof-of-concept website. Simply input your target's Skype username, confirm you're human through the CAPTCHA code, and (as long as they're online) you'll get their IP addresses a second later. We gave it a try and it really works — it's definitely unsettling to see the information pop up so quickly.

While the average user probably has little to be concerned about, revealing both the external and internal IPs means that the user's exact computer can be pinpointed, and could leave them open to denial of service attacks by a malicious third party. We've contacted Skype for comment.

Update: A Skype spokesperson sent us the following statement:

“We are investigating reports of a new tool that allegedly captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are taking measures to help protect them.”