Skype offers businesses a way to cut telecommunication costs, while simultaneously improving communication between employees and making it easier for customers to get in touch. However, many companies have failed to deal with Skype account vulnerabilities and are leaving their networks exposed to attack. Hackers are exploiting Skype account vulnerabilities to install malware and gain access to corporate networks.
Have you checked for Skype account vulnerabilities recently?
Barely a day passes without a new software vulnerability being discovered. Even some of the most widely used software contains numerous security flaws that can be exploited by hackers, and VOIP services are no exception. Even Skype has been found to contain security flaws that can be exploited by cybercriminals. Recent news reports have highlighted the risk faced by many corporate users of the Voice Over IP service.
The latest Skype security risk to be discovered takes advantage of lax security controls in the account recovery process. The security flaw can potential allow hackers to gain access to user accounts. Skype is extremely popular, and over 700 million accounts have been opened around the world. Unsurprisingly, the popularity of the VOIP service has made it an attractive target. If a security flaw can be found, the potential for exploiting users is considerable.
Skype was created in Estonia in 2003. It did not take long for the VOIP service to become the most popular software chat and VOIP call platform. It offers a free way to communicate with friends and family, no matter where they are located in the world. Calls can be made free of charge to other Skype users, and even the paid service allows telephone calls to be made incredibly cheaply. It is not hard to see why Skype has become so popular.
The Skype account recovery feature can be exploited
Skype can be used to communicate over the internet without risking malware infections or exposing sensitive information, but Skype account vulnerabilities do exist. The software is robust and contains a number of security features designed to protect users and keep their accounts secure. Unfortunately, not all features of the software are robust. Recently the VOIP software has received a considerable amount of criticism after it was discovered that hackers could exploit Skype account vulnerabilities to gain control of user accounts.
One software security researcher, with the account @TibitXimer, claimed that his account had been compromised not once, but on six separate occasions. He has issued a warning to all users of the software saying that the same Skype account vulnerabilities could be used by hackers to gain control of any of the 700 million user accounts.
The account does not actually need to be hacked. All a criminal needs do is get in touch with the Skype support team. With only a limited amount of account information, a criminal could be provided with access to an account. TibitXimer claimed that all a hacker needs to provide is a first name and a last name, 3-5 contacts, and an email address. Information that is not particularly difficult to obtain.
This is just one of a few Skype account vulnerabilities to be discovered in recent months. Until recently it was possible to sign up for an account with an email address that had already been used to create a Skype Account. Once the account was set up, it was possible to gain access to the first account that was created, by using the company’s password reset option.
Additional security controls should be adopted
There are a number of additional security controls that could be adopted to make the VOIP platform more secure. Many websites, especially online banking sites, require security questions to be set and answered correctly before passwords are reset. Two factor authentication could also be used. This would ensure that an account could only be accessed by a criminal if the mobile phone of a user had been stolen, and their Skype account name and email address determined.
One way a Skype user can reduce the risk of their account being hijacked is to set up an email account specifically for use with Skype. If an email address is shared across numerous websites, there is a greater probability of criminals attempting to compromise the account.