A security researcher has discovered a vulnerability in Microsoft’s Skype that allows a hacker to easily determine a user’s IP address.
According to 404 Media, an independent security researcher named Yossi discovered the issue. The issue allows a hacker to get a person’s IP address just by sending a link via the Skype mobile app. The target only needs to open the message, not click the link within the message, for the hacker to retrieve their IP.
As 404 Media points out, there are numerous potential implications since a person’s IP address can be used to significantly narrow down their physical location.
“I think just about anybody could be harmed by this,” Cooper Quintin, a security researcher at the Electronic Frontier Foundation (EFF), told the outlet. Quintin said the flaw could be used for “finding people’s location for physical escalations, and finding people’s IP address for digital escalations.”
Surprisingly, when Yossi informed Microsoft of the issue, the company was decidedly unconcerned.
“Upon investigation, we have determined that this submission does not meet the definition of a security vulnerability for servicing which would require immediate servicing. This report does not appear to identify a weakness in a Microsoft product or service that would enable an attacker to compromise the integrity, availability, or confidentiality of a Microsoft offering,” Microsoft responded.
After being contacted by 404 Media, Microsoft did say it plans to fix the issue, although no timeline was given.