Skype Android Vulnerability Puts Personal Info at Risk

Chris CrumIT ManagementLeave a Comment

Share this Post

A vulnerability in Skype and Skype Video for Android has been discovered, which can leave sensitive information at the mercy of other, malicious apps.

The detective work came from Justin Case at Android Police, who explains, "On April 11, a leaked version of Skype Video hit the web and, having a Thunderbolt, I had to try it. My first impressions of it were positive, it worked and ran smoothly. My next reaction was, you guessed it: let’s take it apart. What I discovered was just how poorly this app stored private user data."

"I quickly came up with an exploit, and I was in shock at just how much information I could harvest. Everything was available to the rogue app I created, without the need for root or any special permissions," adds Case. "Surely, only this leaked beta build was vulnerable, or so I thought. But upon examining the standard version of Skype for Android (which has been available since October 2010) I discovered the same vulnerability – meaning this affects all of the at least 10 million users of the app."

He also provides the following video showcasing the vulnerability:

Skype has responded:

Privacy vulnerability in Skype for Android – malicious apps may be able to access your profile information and IMs 11 hours ago via CoTweet · powered by @socialditto

Adrian Asher posted the following statement on the company's security blog:

It has been brought to our attention that, were you to install a malicious third-party application onto your Android device, then it could access the locally stored Skype for Android files.

These files include cached profile information and instant messages. We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application.

To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device.

Late last month, Skype announced that it had achieved a record 30 million users online at the same time.

Chris Crum
Chris Crum has been a part of the WebProNews team and the iEntry Network of B2B Publications since 2003. Follow Chris on Twitter, on StumbleUpon, on Pinterest and/or on Google: +Chris Crum.

Leave a Reply