Skype Vulnerability Exposes Personal Details, Phone Data
By on April 14th, 2011

Android vulnerabilities are out in the wild and there is one more to add to the list. Skype for Android is potentially vulnerable. So much so, that it exposes personal data to any app asking for it. Data is left out in the wild and the app stores it with improper permissions allowing access from any other rouge app. In short, any other app installed on your phone can steal your personal Skype data without you knowing about it.

The credit for finding this exploit goes to Justin Case from Android Police. He has gone far enough to create a proof of concept app that demonstrates this vulnerability. His exclusive coverage and tests can be found on this post.

You can see the exploit at work in this YouTube video.

Case has also proposed a solution to the problem saying,

First, they can use proper file permissions, second, they should probably implement some type of encryption scheme, and third, they need to have their applications reviewed for security issues prior to release.

Skype is extremely popular for its encryption of voice channels. Though, Skype for Android was taken lightly and this has brought it a lot of bad press. I totally agree with Justin Case and Skype should really consider testing its apps on other platforms for security before releasing them to the public.

Tags:
Author: Chinmoy Kanjilal Google Profile for Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN