Contact Center Industry News

TMCNet:  Skype Responds to IP Address Privacy Vulnerability

[May 01, 2012]

Skype Responds to IP Address Privacy Vulnerability

Originally posted on VoIP & Gadgets Blog, here:

Yesterday it was reported that a simple script could expose any Skype user's IP address. A Microsoft representative saw my article and gave me this official response, which they also provided to other media outlets:

“We are investigating reports of a new tool that captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.”

Adrian Asher, director of product Security, Skype

It's a bit of a non-answer if you ask me. True, P2P by its very nature is going to create connections between your computer/mobile and your 'target' computer/mobile. As such, it's not difficult to determine what IP addresses you are connecting to.

However, Skype leverages supernodes for a large portion of their infrastructure. I believe the supernodes handle authentication as well as call setup (or IM setup). So these supernodes act as an intermediary (proxy) between peer1 (your computer) and peer2 (target computer).

Thus, I wouldn't expect peer1 to see peer2's IP address. Apparently, this vulnerability leverages the search feature in Skype and viewing their vcard info and presence (online/offline). My guess is that Skype queries the supernodes when searching for a Skype user, but then once it find the user, it sets up a direct P2P session between your computer and the Skype user you searched for and pulls the relevant vcard / presence information. Game, Set, Match! IP address exposed!

If my assumptions are correct, I can see why Skype set it up this way. If they use supernodes to also "pull" the vcard and presence information, that's an additional load on the supernodes. I'm fairly sure, but not positive that your existing Skype buddies also make a direct P2P connection with each buddy to pull presence information, which also would expose IP addresses. But if you have 100 buddies, trying to figure out which 1 out of 100 buddies is their IP address would be difficult. If Skype made a technical change forcing each Skype client to pull presence info via supernodes (pseudo proxy) instead of direct P2P connections, that would drastically impact performance of the Skype network. This may be a huge architectural change to solve this IP address vulnerability.

However, Skype could simply change their search function to use supernodes (mask IP addresses) and allow the Skype client to query their buddies using P2P (IP addresses can be determined). At least this would block any non-buddy from determining your IP address. may be wrong in my technical assessment, so I will reach out to Skype for further comment on this. Stay tuned...

Tags: , , , , , , , Related tags: , , , , ,

Related Entries
  • Skype@Home Telephone Products Coming? - Apr 20, 2012
  • Google's Chrome Team Reveals WebRTC Roadmap - Apr 18, 2012
  • Microsoft Working on HTML5 Skype Web App? - Apr 16, 2012
  • Microsoft Lync 2010, Asterisk & Skype Integration Tutorial - Dec 28, 2011
  • It's Official - Skype Now Part of Microsoft! - Oct 14, 2011
  • Skype Click to Call Add-on Now Supports Firefox 5 & 6 - Aug 24, 2011
  • Skype (Microsoft) Blows $85 Million on GroupMe - Aug 22, 2011
  • Top 20 VoIP Innovators of All Time - Jun 13, 2011
  • Jabra SPEAK 410 Review - Apr 21, 2011
  • ClearOne Launches Speakerphones For Microsoft Lync & Skype - Feb 28, 2011
  • TrackBacks | Comments | Tag with | VoIP & Gadgets Blog Home | Permalink: Skype Responds to IP Address Privacy Vulnerability

    [ Back To Cloud Contact Center's Homepage ]


    Featured Resources

    Featured Report
    Millennial Research on Customer Service Expectations

    Millennial Research on Customer Service Expectations

    The "why" behind this research is simple: our clients recognize that different generations bring different expectations, varied communication preferences and new customer service patterns to the customer experience...
    Featured Report
    Optimizing the Customer Experience through Cloud Contact Centers

    Optimizing the Customer Experience through Cloud Contact Centers

    Adoption of cloud contact centers is on the rise. Findings from Aberdeen's January 2014 'Public Cloud vs. On-Premise: How to More Effectively Deploy a Cloud Center' study shows that 31% of contact centers are deployed in the cloud, and our related blog post highlights that companies anticipate their adoption of cloud technology to rise further throughout 2014...
    Featured Report
    Aberdeen report

    Aberdeen Report: Cloud for Mid-Sized Contact Centers – What You Must Know

    Cloud Technology is opening new doors for many businesses. However, it does so only when it's combined with the use of best practices and key technology enablers. This document highlights the adoption of cloud technology by mid-size contact centers and illustrates the reasons driving their investments...
    Featured Whitepaper
    Aberdeen report

    Seven Critical Capabilities to Demand From Your Cloud Contact Center Provider

    To deliver a world-class customer experience, your contact center must be flexible and reliable, while providing all the tools agents and supervisors need to manage their workflows. Here are seven critical capabilities to look for when deploying a contact center in the cloud...
    Featured Webinar

    Contact Center Economics and the Cloud

    Together, Bob and Drew will help you understand the economic value of upgrading technology, important business and financial considerations, and how to compare total cost of ownership of a premises vs. cloud or hosted solution. Watch the webinar on-demand now...
    Featured Datasheet
    Zipwire Cloud Contact Center

    Zipwire Cloud Contact Center

    The appeal of moving services to the cloud is obvious. Cloud services offer reliability and robust feature sets without the need to implement or maintain complex contact center infrastructure. The Zipwire™ cloud-based contact center allows businesses to leverage the flexibility and cost savings of cloud architecture while offering a seamless, first-class customer experience...