All the latest UK technology news, reviews and analysis


Skype investigating critical hacker hijacker flaw

14 Nov 2012
skype-screen-logo

Skype has begun investigating reports of a critical flaw that allowed attackers to hijack control of some users' account.

News of the vulnerability broke on Tuesday evening, though Skype only admitted it was aware of the issue on Wednesday.

"We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further," Skype said in a statement.

"We apologise for the inconvenience but user experience and safety is our first priority."

The vulnerability allowed third parties to gain control of a Skype user's account using the service's password reset feature.

"The way it worked was that you would create a new Skype account with the same email as your target - say, billg@microsoft.com," explained F-Secure security chief Mikko Hypponen.

"Then you would issue a password reset request for the account you just created. Skype would then prompt you to pick which account you would like to reset and then the attacker would select the Skype name of the target and his Skype password would be reset - easy."

Hypponen said that disabling the reset service should be enough to stop hackers exploiting the vulnerability.

"Microsoft has now disabled the password reset link on skype.com, so the vulnerability doesn't not seem to be there anymore," Hypponen told V3.

The exploit's discovery follows an increase in criminal's interest in the chat service. Prior to it security firm Trend Micro discovered the dorkbot ransomware targeting the Skype users.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
20%
14%
4%
20%
30%
12%

Popular Threads

Powered by Disqus
Galaxy S5 vs One M8 video review

Galaxy S5 vs HTC One M8 video review

We see which Android contender is best for business

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Embedded C Developer - Bracknell

Job Title;- Embedded C Developer - Bracknell Description...

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Developer (SharePoint and .Net)

To be an outstanding regulator, we need outstanding systems...

Service Desk Analyst

Service Desk Analyst - Central London Fragomen is...
To send to more than one email address, simply separate each address with a comma.