Skype Vulnerability Exposes Personal Details, Phone Data

Skype Vulnerability Exposes Personal Details, Phone Data

Android vulnerabilities are out in the wild and there is one more to add to the list. Skype for Android is potentially vulnerable. So much so, that it exposes personal data to any app asking for it. Data is left out in the wild and the app stores it with improper permissions allowing access from any other rouge app. In short, any other app installed on your phone can steal your personal Skype data without you knowing about it.

The credit for finding this exploit goes to Justin Case from Android Police. He has gone far enough to create a proof of concept app that demonstrates this vulnerability. His exclusive coverage and tests can be found on this post.

You can see the exploit at work in this YouTube video.

Case has also proposed a solution to the problem saying,

First, they can use proper file permissions, second, they should probably implement some type of encryption scheme, and third, they need to have their applications reviewed for security issues prior to release.

Skype is extremely popular for its encryption of voice channels. Though, Skype for Android was taken lightly and this has brought it a lot of bad press. I totally agree with Justin Case and Skype should really consider testing its apps on other platforms for security before releasing them to the public.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>