What's more, the user is completely unaware of this happening and the entire scheme is easily scaled to incorporate the simultaneous monitoring of Internet usage patterns of some 10,000 users, and all for the extremely low price of some $500 per week.
"Real-time communication in the Internet is naturally done peer-to-peer (P2P), i.e., datagrams flow directly between the two conversing users. The P2P nature of such a service, however, exposes the IP addresses of all the participants in a conversation to each other," explain the researchers. "Specifically, if Alice knows Bob’s VoIP ID, she can establish a call with Bob and obtain his current IP address by simply sniffing the datagrams arriving to her computer. She can also use geo-localization services to map Bob’s IP address to a location and ISP. If Bob is mobile, she can call him periodically to observe his mobility over, say, a week or month."
"Furthermore, once she knows Bob’s IP address, she can crawl P2P file-sharing systems to see if that IP address is uploading/downloading any files. Thus VoIP can potentially be used to collect a targeted user’s location. And VoIP can potentially be combined with P2P file sharing to determine what a user is uploading/downloading. This would clearly be a serious infringement on privacy."
But to discover the user's IP address effectively, there are many hurdles to clear. For one, how can one be sure that the user is the person one wants to target? The fact that Skype has an advanced member search engine certainly helps, so knowing a person's email address and birth date is most of the time quite enough.
Also, one must be able to unequivocally determine which packets arrive from that particular peer, and be able to call that person every so often without him noticing. One must also be able to do that even if one is on the user's blacklist and not allowed to establish direct calls with him.
The researchers managed to do all three of these things. They are able to distinguish which packets are sent from a particular user and extract his IP address from their headers, to call the user but prevent the establishment of TCP connections so that he is not notified of the call, and they have discovered a Skype privacy hole that allowed them to do this even if the user didn't have them in the contact list or had explicitly blocked them.
Once the IP address is discovered, a visit to BitTorrent (or other file-sharing applications') sites and a comparison with the list of IP addresses of participating peers may yield a match (or more matches) that can identify the user's activity even if he shares his IP address with several users.
According to the researchers, other IM applications such as MSN Live and Google Talk can also be used instead of Skype to harvest the user's IP address, but they chose Skype because of the aforementioned privacy flaw.
They finally recommended some changes that would allow Skype users to be secure from having their IP address revealed with such an approach. "One measure that can go a long way is for the designers of the VoIP signaling protocol to simply ensure that the callee’s IP address is not revealed to the caller until the callee accepts the call," they say.
“With this property, Alice would not be able to inconspicuously call Bob. Moreover, if Alice is a stranger (that is, not on Bob's contact list), and Bob configures his client to not accept calls from strangers, then this design would prevent any stranger from tracking him, conspicuously or otherwise.”
Although not a complete solution, it is one that can be implemented rather easily. Other solutions include having all calls pass through relays, possibly on a call-to-call basis so that the relays aren't overwhelmed.
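The recommended signaling property, sketched as an added example (not code from the paper or from Skype): a hypothetical `SignalingServer` holds each user's address, drops calls from strangers before the callee is contacted, and releases the two endpoints only after the callee accepts. All class names, message fields and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    user_id: str
    ip: str                                   # constructed sample address
    contacts: set = field(default_factory=set)
    accept_strangers: bool = False            # assumed per-user privacy setting
    notifications: list = field(default_factory=list)

class SignalingServer:
    """Hypothetical rendezvous point: it alone knows each user's address."""
    def __init__(self):
        self.users = {}
        self.pending = {}                     # call_id -> (caller_id, callee_id)
        self._next_id = 1

    def register(self, user):
        self.users[user.user_id] = user

    def invite(self, caller_id, callee_id):
        """Start a call. The reply to the caller never carries the callee's IP."""
        callee = self.users[callee_id]
        if caller_id not in callee.contacts and not callee.accept_strangers:
            return {"status": "declined"}     # dropped here, callee never contacted
        call_id = self._next_id
        self._next_id += 1
        self.pending[call_id] = (caller_id, callee_id)
        callee.notifications.append(f"incoming call from {caller_id}")  # visible ring
        return {"status": "ringing", "call_id": call_id}

    def answer(self, call_id, callee_id, accept):
        """Only an explicit accept by the callee releases the two endpoints."""
        caller_id, expected = self.pending[call_id]
        if callee_id != expected:
            raise PermissionError("only the callee can answer this call")
        del self.pending[call_id]
        if not accept:
            return {"status": "declined"}
        return {"status": "connected", "to_caller": self.users[callee_id].ip,
                "to_callee": self.users[caller_id].ip}

def demo():
    srv = SignalingServer()
    srv.register(User("bob", "198.51.100.7", contacts={"carol"}))
    srv.register(User("carol", "203.0.113.20"))
    srv.register(User("alice", "192.0.2.44"))      # stranger to bob
    stranger = srv.invite("alice", "bob")
    ringing = srv.invite("carol", "bob")
    connected = srv.answer(ringing["call_id"], "bob", accept=True)
    return stranger, ringing, connected, srv.users["bob"].notifications
```

In `demo()`, the stranger's invite returns no address and leaves Bob's notification list empty, while the contact learns Bob's address only in the `connected` reply that follows his accept.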
For more details about the research, download the original paper.