Image default

Reading a Skype message could reveal your location to hackers

Male hand holding a phone in front of a computer monitor with the Skype app openImage: Mati Flo / Unsplash

Be careful what messages you read in Skype—at least when you’re on your smartphone. A flaw in the mobile app can reveal your IP address to another person unbeknownst to you. All it takes is opening a message with a link in it. And Microsoft is apparently not prioritizing this issue as a security vulnerability.

Unfortunately, you don’t have to click the link for your location to be revealed, according to a 404 Media report. Using a VPN, which is supposed to hide your actual IP address, won’t protect you from this flaw either. And, to make matters worse, any legitimate URL can be used. As discovered by Yossi, the independent researcher who discovered the issue, the exploit only requires a change to a link parameter. Typically, chat apps act as a buffer between individuals on the platform. The service knows each person’s location, but doesn’t share it while facilitating communication.

Further details about how the vulnerability works aren’t yet available—404 Media is currently withholding them, as Microsoft has yet to patch the flaw. Currently the update’s release date is unknown (“a future product update”), though Microsoft says the business version of Skype is not affected. 404 Media says that a fix was not announced until the outlet reached out for comment. 

But though the flaw may not be a high priority for Microsoft—the company reportedly classified it as failing to meet the definition of a security vulnerability when Yossi first shared his findings—this privacy issue is still problematic for security. As pointed out by a different security researcher contacted by 404 Media, an IP address can be used to enable physical or digital harassment. Anyone who has an interest in you could use Skype to make that task easier. For dangerous situations, like a stalker hunting down their victim, an abuser tracking a partner who’s left, or someone working to uncover an anonymous journalist or dissident, this Skype flaw can make those attempts easier. An IP address can be used to help confirm other data about your location or refine an ongoing search.

So, how do you stay safe? The easiest solution is to not use Skype since plenty of other popular alternatives exist. But if that’s not an option, be careful about what messages you view until a patch is released. That’s not an ideal solution, but it’s the only one available at the moment.

Alaina Yee is PCWorld’s resident bargain hunter—when she’s not covering software, PC building, and more, she’s scouring for the best tech deals. Previously her work has appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine. You can find her on Twitter at @morphingball.

Recent stories by Alaina Yee:

I’m ditching my passwords—and you should tooBest free password managers 2024: Online security doesn’t have to cost a thingRoku’s massive hack is why you shouldn’t reuse passwords

Related posts

Razer's awesome DeathAdder Elite is ridiculously cheap at $30 on Amazon


Razer's new USB-C dock is faster, smaller, and cheaper


Save $20 on this flashlight and emergency camping accessory


Leave a Comment