All about the recent Skype vulnerability

Skype’s Android application has a new vulnerability that could enable hoodlums to access the contacts, gallery, and even browser windows by bypassing Android’s phone passcode screen.

Florian Kunushevci, a bug hunter found this vulnerability and revealed it to Microsoft. Explaining the flaw, he said that this flaw permits anybody having somebody’s phone to receive a Skype call and answer it without unlocking the phone. Once the individual picks up the call, they can go to the gallery, access contacts, type and send a message, and access the browser by clicking on the links attached to the message.

Such a flaw could enable culprits or pranksters to access a great deal of private information on the phone without unlocking it with the password.

How was the flaw discovered?

The 19-year-old bug specialist from Kosovo, who is a regular user of the Skype application, found a specific abnormality as to how the application accessed local documents while performing VoIP calls. This is what drove him to explore the issue further.

The specialist soon found that after accepting and answering a Skype call, many phone application functions could be accessed without even having to unlock the phone.

Similar to recently found blemishes in Skype’s iOS applications, this flaw is additionally credited to a security oversight by the application developers. Kunushevci further revealed to The Register:

“For the specific bug that I have found on Skype, it is more of bad design and also a bug in coding. I think to put it all together, humans make mistakes.”

The analyst held up the issue in the public until the issue was fixed in the version of Skype released on December 23, 2018.

It is to be noted that this weakness influences Skype on all Android adaptations. All forms of the Skype application with a version number over 8.15.0.416 for various Android versions incorporate the fix for this bug. Microsoft has not issued any official comment on the issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

Single Column Posts

Single Column Posts Subtitle

Blockchain ETF Launches on the London Stock Exchange

Investment management firm Invesco has launched a blockchain exchange-traded fund (ETF) on the London Stock Exchange last week. Invesco has...

Paxos is all about to be showered in gold

The blockchain firm, Paxos will be launching its digital token which will be backed by the precious metal, gold. During an...

Regulators Are Calling 2019 the “Year of the Blockchain”

Regulators have eased regulations regarding blockchain technology as most of them feel that it might harm the development of the...

Container Escape Hack Targets Vulnerable Linux Kernelhack

Researchers of CyberArk have been into creating a proof of concept attack which employs adversaries to bypass the security of...

Is India on its way to consider Cyber Security trustworthy as yet?

India’s largest ecommerce website, IRCTC or Indian Railways Catering and Tourism Corporation, the subsidiary of Indian Railway and run by...