Skype tackles hack vulnerability that put accounts at risk

Go down

Skype tackles hack vulnerability that put accounts at risk Empty Skype tackles hack vulnerability that put accounts at risk

Post  wyatt1 on Wed Nov 14, 2012 4:56 pm

Skype has suspended its password reset function after it emerged the facility could be used to hijack the video chat service's accounts.

The vulnerability was discussed on a Russian blog about three months ago, but was only tackled after details were shared on news site Reddit.

The issue could have exposed answerphone messages, old text message conversations and user details including date of birth.

Skype is looking into the problem.

"We have had reports of a new security vulnerability issue," wrote engineer Leonas Sendrauskas.

"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."

Easy-to-use attack
A how-to-guide was first shared on Russian forum Xeksec.

It involves using a victim's Skype-registered email address to create a new account which is also linked to an email account owned by the attacker.

If a password change is then requested using the target's username, the hijacker can access the resulting reset token via the Skype app itself using the newly-created bogus log-in.

This can then be used to lock out the account's owner and access their details.

Skype blanks all but the last four digits of stored credit card accounts preventing the hackers from being able to steal cash, however they could have used up spare credit.

The security hole was confirmed by The Next Web which subsequently brought it to Skype's attention.

It follows on from a revelation last month that the program could be used to distribute malware via its instant message tool.

The news comes amid a campaign by Microsoft to convince members of its Windows Live Messenger chat tool to switch to Skype.

It plans to retire WLM by March 2013 across the world, with the exception of China.


Posts : 10029

Back to top Go down

Back to top

Permissions in this forum:
You cannot reply to topics in this forum