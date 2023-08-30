A security researcher known as Yossi has proven that An online user’s IP address can be traced by sending them a link via the Skype mobile app. According to the expert, the flaw is present only in the mobile application of popular instant messaging and VoIP software.

Yossi stressed how simple the attack isto discover a user’s IP address it is sufficient for him to open the message but it is not necessary for him to click on the link contained therein.

Knowledge of a user’s IP address can reveal their physical location to an attacker and poses a real risk to his privacy, security and safety.

The news of the leak was reported by the website 404 Media according to which although Yossi has reported the vulnerability to Microsoft, the IT giant would have initially underestimated the problem.

Cybersecurity How hackers can steal data by listening to the sound of a keyboard by Andrea Nepori August 11, 2023

Indeed, Yossi reported the problem to Microsoft in early August, but the company replied that

“[la] disclosure of an IP address is not considered a security vulnerability per se.”

Journalist Joseph Cox explains that he was able to personally test the technique with the help of researcher Yossi.

According to Cox, the researcher was able to find out his address both when he connected to Skype using a virtual private network (VPN), and when he connected to a public Wi-Fi network without a VPN.

“The attack it could pose a serious risk to activists, political dissidents, journalists, people targeted by cybercriminals and many other people”. explains 404 Media “At a minimum, an IP address can show what area of ​​a city someone is in. An IP address can be even more revealing in a less densely populated area, because there are fewer people who might be associated with it.”

Source 404 media

Although the details of the attack have not been revealed, since the flaw has not yet been resolved, 404 Media explained that the problem can be exploited simply by manipulating a certain parameter present within the link.

The good news is that after the public dissemination of the news by 404 Media, Microsoft announced that it intends to fix the problem in an upcoming update.

The impact of vulnerabilities like this is certainly important precisely for the diffusion of the software.

According to the latest information available, as of 2023, Skype has around 400 million monthly active users, of which around 170 million use the mobile app. This means that approximately 42.5% of Skype users use the mobile app.

The majority of Skype mobile users are located in Asia, followed by North America and Europe. In Italy, Skype mobile users are around ten million.

Share this: Twitter

Facebook

