Pierluigi Paganini August 28, 2023
Attackers can discover IP address by sending a link over the Skype mobile app

A security researcher demonstrated how to discover a target’s IP address by sending a link over the Skype mobile app. The security researcher Yossi discovered that is possible to discover a target’s IP address by sending a link over the Skype mobile app. The researcher pointed out that the attack only requires the target to […]

Pierluigi Paganini January 04, 2019
Flaw in Skype for Android exposes photos and contacts

A security expert found a flaw in Skype for Android that could be exploited by an unauthenticated attacker to view photos and contacts, and even open links in the browser. Security expert Florian Kunushevci (19) discovered a vulnerability that allows an unauthenticated local attacker to view photos and contacts, and also to open links in […]

Pierluigi Paganini September 05, 2018
An untold story of a memory corruption bug in Skype

Security expert discovered that Skype has a malloc(): memory corruption vulnerability that could be triggered while users share some media/file with someone during a call.  Tested on: Linux zero 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 18.04 LTS) Product affected: Skype for linux (skypeforlinux_8.27.0.85_amd64.deb)Steps to reproduce this issue: 1. Open […]

Pierluigi Paganini January 12, 2018
Never too late, Skype supports end-to-end encryption for new Private Conversations feature

It’s official, Microsoft’s Skype is rolling out a new feature called Private Conversations, which uses end-to-end encryption. The latest version of Skype implements end-to-end encryption and introduces the support for the Signal protocol. which is the protocol used by WhatsApp, Facebook Messenger, Google Allo, and Signal. Attackers will not able to snoop on Skype Private Conversations will support text, […]

Pierluigi Paganini June 28, 2017
Experts found a critical remote buffer overflow vulnerability in Skype

The security expert Benjamin Kunz-Mejri from security firm Vulnerability Lab discovered a remote zero-day stack buffer overflow vulnerability in Skype. The security expert Benjamin Kunz-Mejri from security firm Vulnerability Lab discovered a Skype zero-day stack buffer overflow vulnerability, tracked as CVE-2017-9948, that could be exploited by a remote attacker to execute malicious code. Vulnerability Lab reported the […]

Pierluigi Paganini April 21, 2017
Anatomy of Cybercriminal Communications: Why do crooks prefer Skype

Security firm Flashpoint published an interesting paper titled, ‘Cybercrime Economy: An Analysis of Cybercriminal Communication Strategies‘ about cybercriminal communications of threat actors. A recent research by the threat intelligence firm Flashpoint has uncovered how malicious threat actors communicate to share information between them. The research has found out that there is a growing economy in the […]

Pierluigi Paganini December 14, 2016
Experts spotted a Skype backdoor for Mac, it could be a coding bug

Experts from Trustwave discovered an authentication bypass vulnerability affecting the Mac version of Skype, experts classified it as a Skype backdoor. Security experts from Trustwave have discovered a backdoor in the Mac version of Skype. The flaw, aAn authentication bypass vulnerability, affects the Desktop API that could be used by third-party apps to implement a Skype communication. […]

Pierluigi Paganini October 20, 2016
Experts devised a method to capture keystrokes during Skype calls

A group of security experts discovered that the Microsoft Skype Messaging service exposes user keystrokes during a conversation. A group of researchers from the University of California Irvine (UCI) and two Italian Universities discovered that the popular Skype Messaging service expose user keystrokes during a call. The researchers have devised a method to record the acoustic emanations of […]

Pierluigi Paganini January 24, 2016
Skype – IP will now be hidden by default to avoid attacks

Skype announced it will hide the user’s IP address, the new security feature is enabled by default in the latest update provided by the company. Skype now hides users’ IP addresses, a measure implemented to protect them against attacks from online trolls. Skype announced the security feature this week in a blog post, the feature is […]

Pierluigi Paganini April 30, 2014
Skype stores all application data in a local database in plain text

Romanian Researcher discovered that Skype application store sensitive User Data Unencrypted on a local database. A Romanian programmer at Hackyard Security Group, DragoƟ Gaftoneanu, revealed through a  blog post that the popular VOIP application Skype leaves its local database unencrypted. Unfortunately the problem is very common, many applications, especially mobile apps, don’t encrypt application data exposing user’s information to serious risks for their privacy.  According Gaftoneanu, […]