Researchers from the Polytechnic Institute of New York University, in cooperation from French and German colleagues, have discovered security flaws within Skype and several other voice-over-Internet-protocol systems that may reveal sensitive user information.
By exploiting these data security loopholes, hackers could potentially track user locations or monitor their peer-to-peer (P2P) filesharing activities.
“These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services,” noted NYU researcher Keith Ross. “A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud.”
Researchers drew these conclusions over a two-week period in which they benevolently monitored more than 10,000 Skype user accounts. In the study, the team was able to use commercial geo-location mapping services to record a detailed history of a user’s daily activities, even if they had not logged into Skype for several days.
One volunteer test subject was tracked over a week-long excursion that took him from New York to Chicago to France.
“If we had the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when,” researchers noted.
Ross went on to suggest that “a sophisticated high school-age hacker” would likely possess the skill set to exploit these Internet security loopholes and that traditional firewall defenses proved inadequate in test trials.
In addition to location mapping, the team also discovered that the same security exploit could be used to track a Skype user’s potentially illegal P2P filesharing habits.
Researchers first sorted through the 50,000 most popular downloads on BitTorrent, a popular filesharing site that has often been the target of digital piracy investigations. When a common IP address was identified between BitTorrent and Skype, analysts were able to determine the specific files downloaded and shared by the user.
With millions of users actively using Skype every day, and BitTorrent potentially accounting for more than a quarter of all Internet traffic, this discovery could have serious implications for both consumers and law enforcement officials. The vulnerability has added yet another data privacy concern for the habitual Internet user and the BitTorrent connection could be a boon to authorities targeting the spread of online piracy.
To address these and other issues, the researchers will discuss the full findings of their report at the upcoming Internet Measurement Conference next month in Berlin.
Security News from SimplySecurity.com by Trend Micro