Skype’s Android application has a new vulnerability that could enable attackers to access the contacts, gallery, and even browser windows by bypassing Android’s passcode lock screen.
Florian Kunushevci, a bug hunter, found this vulnerability and reported it to Microsoft. Explaining the flaw, he said that it permits anybody holding somebody else’s phone to receive a Skype call and answer it without unlocking the phone. Once the individual picks up the call, they can go to the gallery, access contacts, type and send a message, and open the browser by clicking on links in the message.
Such a flaw could enable criminals or pranksters to access a great deal of private information on the phone without unlocking it with the password.
How was the flaw discovered?
The 19-year-old bug hunter from Kosovo, who is a regular user of the Skype application, noticed a specific anomaly in how the application accessed local documents during VoIP calls. This is what drove him to explore the issue further.
He soon found that after accepting and answering a Skype call, many of the phone's application functions could be accessed without unlocking the phone.
Like the recently found flaws in Skype’s iOS applications, this flaw is also attributed to a security oversight by the application developers. Kunushevci further told The Register:
“For the specific bug that I have found on Skype, it is more of bad design and also a bug in coding. I think to put it all together, humans make mistakes.”
The researcher withheld public disclosure until the issue was fixed in the version of Skype released on December 23, 2018.
Note that this weakness affects Skype on all Android versions. All builds of the Skype application with a version number over 220.127.116.116, for the various Android versions, incorporate the fix for this bug. Microsoft has not issued any official comment on the issue.