You Too Can Crash Skype Chat With This Simple 8-Character Text String

It's beginning to look like the latest hotness in the vulnerability world is crashing applications with simple strings of text. We just talked about such a bug that's stricken iOS a mere week ago, and already another one has come to the surface. This time, Skype is in the crosshairs, and this is a bug even easier to replicate than the iOS one.

All you have to do is type in the characters "http://:" and send it, and that somehow causes Skype to become inoperable for a time. The bug does not seem to affect the "modern" version of Skype in Windows 8, nor the Mac version, and I'd also assume the Linux version (I am too scared to test!). It has been verified to work with the Windows, Android, and iOS versions.

Skype Crash

There's one thing to be aware of here if you want to test this out: receiving this text is a lot worse than sending it. If you send it yourself, it seems you can at least recover the use of Skype after a restart; it's when you receive the text that your Skype refuses to work, for "good".

Here's what's truly frustrating: clearing your chat history in the Windows version doesn't help. You could effectively wipe out your entire Skype profile on your local machine, but as soon as you reinstall and sign in, Skype will automatically download the chat logs, and while parsing them, get hitched on that little bit of text and become inoperable again. The Android and iOS versions do not have this same gotcha.

Anyone want to take a guess as to how many of the millions upon millions of Skype users will get hit with this bug today? If there's an upside to any of this, it's that Microsoft is aware of the bug and has promised to work on a resolution. Given the sheer ease of exploiting it, I'd hope that new versions will get rolled out in the next few days. Imagine requiring Skype for business, and it suddenly not work! That'd be inexcusable.


Via:  VentureBeat
Show comments blog comments powered by Disqus