There’s nowhere for Skype users to hide, thanks to a flagrant security flaw in the service.
The serious breach in the widely used, Internet video chat program means that any evil computer nerd could easily hunt down users’ whereabouts, says a study co-authored by an NYU-Poly professor.
Blackmailers, for example, could use the flaw to track the travels of a cheating spouse, said Professor Keith Ross, part of an international team of researchers who uncovered the problem.
But more alarmingly, terrorists or criminals could use the security gap to determine the locations of groups of government officials or employees of large organization, he said.
“Any sophisticated high school or college hacker could easily do this,” Ross told The Post.
Skype bosses were told of the security gap a year ago but have done nothing to fix it, Ross said.
The flaw lets hackers determine the IP address from which a Skype user is logged in.
That’s a problem because IP addresses are usually specific to Internet users’ physical locations.
Hackers simply have to know how to grab their targets’ IP addresses from simulated calls that Skype users would never notice — and which leave no trace.
Blocking callers or working from behind a firewall offer users no protection, the researchers say.
Ross’s study successfully tracked 10,000, randomly chosen Skype users over a two-week period.
Researchers also used the flaw to successfully track one of their own as he traveled from New York to Chicago, back to New York and then to his home in France.
The flaw may also be a problem for other video-chat services such as MSN Live, QQ and Google Talk, the researchers say.
And a similar flaw in file-sharing services such as BitTorrent may let hackers monitor what material users are downloading, Ross said.
The results of the study — titled “I Know Where You are and What You are Sharing” — will be presented at a computer security conference in Germany next week.
Ross won’t present the results himself; instead, one of his colleagues will present them.
Skype — which is owned by Microsoft and has more than 500 million users worldwide — did not respond to a request for comment.