What just happened? Skype reportedly has a critical security flaw that could allow hackers to obtain users’ IP addresses if those users simply open a message containing a link. While Skype was once the dominant video conferencing app on the internet, it has long been superseded by many similar software options, like Zoom. Even Microsoft itself has been pushing Teams rather than giving Skype the attention it needs to regain its lost glory.
As reported by 404 Media, the latest Skype vulnerability was discovered by independent security researcher Yossi, who says he shared his findings with Microsoft earlier this month. However, the company did not take the issue seriously at first, and said that it did not require immediate attention. Thankfully, better sense has since prevailed, and Microsoft has agreed to roll out a patch to fix the flaw, but only after being contacted by the media. There is no ETA for the update, though, meaning it could be a while before this issue is fixed for good.
The report says it verified Yossi’s claim in two separate tests, and the researcher was able to obtain the IP address of the author both times, proving the flaw is a clear and present danger to users. According to security experts, the vulnerability could jeopardize the privacy of Skype users and pose a serious risk to activists, political dissidents, journalists, and regular netizens. While IP addresses don’t necessarily pinpoint an exact physical address, they could still reveal the general location of users, potentially putting people at risk of being targeted by cybercriminals or rogue nation-states.
Meanwhile, Microsoft says that the vulnerability only affects the consumer version of Skype and not the business product, meaning enterprises and corporate users need not worry about having their privacy compromised by the bug. That being said, it is still a massive cause for concern and one that needs to be fixed as soon as possible by Microsoft.
Many security researchers have been dismayed by Microsoft’s initial response to Yossi’s report; at least one prominent expert lambasted the company for its lackadaisical attitude to the problem. Speaking to 404 Media about the bug, Cooper Quintin, a security researcher and senior public interest technologist at the Electronic Frontier Foundation (EFF), said that Microsoft’s reaction to the issue is “emblematic of why Skype has lost so much market share.”
Quintin also urged Microsoft to roll out a patch as quickly as possible and pointed out that the problem is especially grave for dissidents who operate under pseudonyms, as the flaw could allow unauthorized people to learn about their physical location and identity, potentially putting them in harm’s way.