Date:07/01/19
Skype’s Android app has a new vulnerability that could allow criminals to access the contacts, gallery, and even browser windows by bypassing Android’s phone passcode screen.
Florian Kunushevci, a bug hunter discovered this vulnerability and reported it to Microsoft. Explaining the flaw, he said that this flaw allows anyone possessing someone’s phone to receive a Skype call and answer it without unlocking the phone. Once the person picks up the call, they can go to the gallery, access contacts, type and send a message, and access the browser by clicking on the links sent in the message.
Such a flaw could allow criminals or pranksters to access a lot of private data on the phone without having to unlock it with the passcode. The flaw is demonstrated in this video shared on YouTube.
The 19-year-old bug researcher from Kosovo, who is an everyday user of the Skype app, found a certain irregularity in how the app accessed local files while performing VoIP calls. This is what led him to investigate the matter further.
The researcher soon discovered that upon receiving and answering a Skype call, many phone application functions could be accessed without needing to unlock the phone.
Akin to previously discovered flaws in Skype’s iOS apps, this flaw is also ascribed to a security oversight by the app developers. Kunushevci further told The Register, "For the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. I think to put it all together, humans make mistakes."
The researcher informed Microsoft of the bug in the Skype app and waited before going public until the issue was fixed in the version of Skype released on December 23, 2018.
It is to be noted that this vulnerability affects Skype on all Android versions. All builds of the Skype app with a version number over 8.15.0.416 for different Android versions include the patch for this bug. Meanwhile, Microsoft has not issued any official comment on the matter.
This Skype vulnerability allows you to bypass Android’s phone lock
Skype’s Android app has a new vulnerability that could allow criminals to access the contacts, gallery, and even browser windows by bypassing Android’s phone passcode screen.Florian Kunushevci, a bug hunter discovered this vulnerability and reported it to Microsoft. Explaining the flaw, he said that this flaw allows anyone possessing someone’s phone to receive a Skype call and answer it without unlocking the phone. Once the person picks up the call, they can go to the gallery, access contacts, type and send a message, and access the browser by clicking on the links sent in the message.
Such a flaw could allow criminals or pranksters to access a lot of private data on the phone without having to unlock it with the passcode. The flaw is demonstrated in this video shared on YouTube.
The 19-year-old bug researcher from Kosovo, who is an everyday user of the Skype app, found a certain irregularity in how the app accessed local files while performing VoIP calls. This is what led him to investigate the matter further.
The researcher soon discovered that upon receiving and answering a Skype call, many phone application functions could be accessed without needing to unlock the phone.
Akin to previously discovered flaws in Skype’s iOS apps, this flaw is also ascribed to a security oversight by the app developers. Kunushevci further told The Register, "For the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. I think to put it all together, humans make mistakes."
The researcher informed Microsoft of the bug in the Skype app and waited before going public until the issue was fixed in the version of Skype released on December 23, 2018.
It is to be noted that this vulnerability affects Skype on all Android versions. All builds of the Skype app with a version number over 8.15.0.416 for different Android versions include the patch for this bug. Meanwhile, Microsoft has not issued any official comment on the matter.
Views: 305
©ictnews.az. All rights reserved.
Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate
