A security researcher has discovered an alarming security vulnerability on Skype’s mobile apps that allows threat actors to uncover a target’s IP address by simply sending them a link.
The target doesn’t even have to click the link. Simply viewing the message is enough to expose your IP address, 404 Media reported on Monday, warning that this bug puts journalists, activists, political dissidents, and others at risk.
Yossi, the researcher who discovered the issue, reportedly informed Microsoft about it on August 12, but the company downplayed its severity, saying it “does not meet the definition of a security vulnerability…”
However, after 404 Media reached out to Microsoft, the company said it plans to patch the bug in an upcoming update.
At the time of writing, the only way to prevent hackers from exploiting this bug to invade your privacy is by using a virtual private network (VPN). A VPN cloaks your real IP address and throws off anyone who may be trying to pinpoint your location.
The Implications of an Exposed IP Address
Your IP address is your digital address. It’s linked to your router and can reveal information about you, including your physical location (at least your city or approximate area) and your internet service provider (ISP).
While an IP address doesn’t reveal your name or personal details, access to it allows threat actors to track your online activity. It also exposes your location — putting high-profile users at risk of physical harm. With access to your IP, threat actors could even contact your ISP and pry for information about you.
The websites you visit and the apps you use can see your IP address. However, they’re not supposed to reveal this information to others. Since the vulnerability is unpatched, Yossi did not reveal the exact security workaround that exposes users’ IP addresses on Skype.
It’s not uncommon for a security breach to expose users’ IP addresses. In June, an exploit in the popular video game CoD: Black Ops Cold War allowed unauthorized persons to access gamers’ IP addresses.
How a VPN Masks Your IP Address
When you connect to a VPN network, your real IP address is hidden, and you’re assigned an IP address that corresponds with the server you’re using. So, if you’re in the U.S. and connect to a VPN server in Portugal, every website you visit, or app you use will see the Portugal IP address and assume you’re in Portugal.
Many people use a VPN daily to hide their location, preventing advertisers and other unauthorized parties from tracking them across the web.
Until Microsoft resolves the issue, it’s important to always use a VPN when accessing the Skype mobile app. Besides masking your IP address, VPNs have other benefits, including allowing you to access geo-restricted content and bypass censorship in repressive countries.
We’ve tested dozens of VPNs. Check out our article on the best VPNs to see our top picks and discover amazing discount deals.
For more security news, follow us on X (Twitter), Threads, and Mastodon!
