Pause before you open that incoming Skype message on your mobile device. As reported by PCWorld, a recent flaw in the Skype mobile app reveals your IP address and location to threat agents without your knowledge. Sadly, all you have to do is open the message with a link, and you're now vulnerable.
According to the report, the odd thing is that Microsoft knows about this flaw, but is taking a lackadaisical approach to coming up with and releasing a fix. Although the tech giant knows of the spot, it has supposedly decided the flaw doesn't meet the criterion of a severe security threat or vulnerability. Apparently, giving away your location and IP address isn't a severe privacy issue for them.
Microsoft's flawed reaction to security threat
According to 404 Media Report, you don't have to click the link within the message. All you have to do to give away your IP and location is open the message. An independent security researcher named Yossi discovered the flaw and reached out to Microsoft, and in emails, he shared with 404 Media Report, the tech giant stated, "The issue did not require immediate servicing and did not indicate that it plans to fix the security hole."
Although Microsoft did say it would patch the hole in the future with an upcoming update, no timeline was given. A fear some have is the security flaws' ability to give away a person's physical location, which is a significant privacy and personal security risk. How Microsoft has deemed this non-concern is very concerning. Using Skype to locate someone you may have issues with to escalate or exacerbate the problems is a huge danger, especially with lax gun laws in the United States of America and the daily mass shootings.
Microsoft's stance that, "This report does not appear to identify a weakness in a Microsoft product or service that would enable an attacker to compromise the integrity, availability, or confidentiality of a Microsoft offering," is reckless and endangers the wellbeing of anyone using the Skype mobile application.
Since Microsoft has yet to fix the issue, Skype, which has been losing much ground in recent years, seems to be further burying itself as a communication platform. How does one use Skype knowing that it is unsafe? Since there is no fix, not even using a VPN, which usually hides your location, will not protect you from this massive security flaw.
The only advice I would suggest is, until Microsoft addresses this issue with an update, don't use Skype as you could be giving away your location. As developments happen with this story, we will keep you updated.