Skype is known for being cheap and extremely secure, but the reputation of the internet telephone service has taken a knock after researchers revealed how to covertly track the location of people who use it.
The problem lies with the service's peer-to-peer technology, which establishes a direct connection between the two people participating in a call. Stevens Le Blond of the Max Planck Institute for Software Systems in Wartburg, Germany and colleagues worked out how to probe that connection to reveal the IP address of the person they were contacting.
IP (Internet Protocol) addresses identify individual computers and can be used to locate a device in the city, and sometimes even the specific building, where it is being used.
Le Blond's hack is doubly worrying because it can be executed without alerting the victim. His team showed that they could initiate a Skype connection and scoop up the IP address without the person's Skype account ever registering the call.
What's more, a malicious hacker could scale the process and automatically track many users at once. Le Blond and colleagues demonstrated this by showing that they could check the location of 10,000 Skype users on an hourly basis. Location information can be potentially embarrassing or even dangerous: stalkers could use the hack to pursue victims and employers could check up on the location of employees.
Le Blond says that he notified Skype of the problem in May, but that the security hole remains open. Skype's Chief Information Security Officer, Adrian Asher, told PC World "through research and development, we will continue to make advances in this area and improvements to our software."
Le Blond will present his work next month at the Internet Measurement Conference in Berlin, Germany.