The problem isn’t just related to the Skype service either, but also other VOIP applications.
"These findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services," says Keith Ross of the Polytechnic Institute of New York University, referring mainly to the half-billion registered members of Skype’s online voice and video service and millions of torrent site users worldwide.
"A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user - from private citizens to celebrities and politicians - and use the information for purposes of stalking, blackmail or fraud."
In his findings, Ross refers to the ability of hackers to gain IP addresses from VOIP services, which can then allow them to pin-point locations with commercial software. During the investigation, researchers were able to build up a detailed account of a user’s daily activities finding out specific movements of a volunteer who used Skype to talk about his holiday and visit to friends.
"If we had followed the mobility of the Facebook friends of this user as well, we likely would have determined who he was visiting and when," said Ross.
The University professors believe that the security implications could be vast.
“For example, an attacker could get all the Skype IDs for all the politicians in Canada and the U.S., then launch an attack, get their location and, if anyone is in a suspicious location, you could blackmail someone,” warned Ross.
“It’s bad if you’re concerned about your privacy. A parent could track their children, or a spouse could track the location of his or her spouse. An employer could track all his employees.”
Other research, which involved 10,000 anonymous Skype users and 20 volunteers, allowed the University to match up IP addresses from Skype and BitTorrent to work out which files users were sharing and downloading.
Skype’s chief information security officer Adrian Asher has been quick to respond to the University’s experiment, assuring customers that it is working on security improvements.
“We value the privacy of our users and are committed to making our products as secure as possible,” reads a statement from the company.
“Just as with typical Internet communications software, Skype users who are connected may be able to determine each other’s IP addresses. Through research and development, we will continue to make advances in this area and improvements to our software.”
The NYC University professors believe that it’s a problem which can easily be fixed by redesigning the Skype protocol. The full findings of the report entitled "I Know Where You Are And What You Are Sharing" are set to be revealed next week at a computer conference in the Berlin, Germany.