Skype for Android Vulnerability Exposes User Info

Skype posted a warning on Friday, indicating that their Android app has a security vulnerability. Malicious third-party apps can access locally stored Skype files. These files include cached profile information and instant messages.

Android Police appears to be the first to discover the vulnerability. Interestingly, it appears that the vulnerability is not present in the Verizon version that Skype produced for that carrier, just in the normal app in the Android Market.

For this to be exploited, however, a user has to download a malicious app. Thus, it's more important than ever that users be careful what apps they download, and perhaps make sure they install a security app on their device, as well.

Skype is working on a fix for the vulnerability. You can watch a video of the exploit below.

Tags:  Android, Skype
Comments
rapid1 3 years ago

I heard about this yesterday. It is of course much like many email virus, malware, etc that general users download to there computer. Of course this one was in Android market which makes it a bit different. The exploit must have been an aimed effort at the exploitation it would seem. Much like I always do when downloading apps from the web I check my computer regularly with a malware, adware, virus sweep especially if I cannot verify who it is from or it has some funky addressing after the program name on the download source. It would seem that something like that would be good for smart phones.

caspinx19 3 years ago

Bored @ da house

3vi1 3 years ago

So... Skype fixes this with "chmod 770". Yawn.

Seems like a poor "vulnerability", as you would have to get the app in the market and people are not inclined to put malware out there when they know it's easiliy traceable back to them. Any piece of malware on Windows can read the data of every other installed app, and you get those from random internet sites all the time.

RMcGaughy 3 years ago

rapid1, a malware check on skype will come up negative. It's simply a permissions deal. If Google would allow root access to their OS, we could just do what 3vi1 said and chmod on it ourselves. My guess is that it was just lazyness from the skype developers... again, like 3vi1 said, "Skype fixes this with 'chmod 770.' Yawn."

omegadraco 3 years ago

This is not likely to be exploited majorly but hopefully they get it fixed soon. My bet is they already have a fix in testing. Typically when a vulnerability makes it into the public eye the software maker has known about it longer.

RunTimeWorld 3 years ago

Wish they would work on a camera enabled chat, especially for tabs such as the Galaxy

Post a Comment
or Register to comment