Skype Android app flaw places data in danger

Skype says it is looking into a flaw which could allow hackers to acquire user data including contacts and instant message logs.

Skype

A vulnerability in the Skype app for Android could be exploited by hackers wanting to get hold of user profile and contact information, according to a report.

Skype did not encrypt files within the app containing data such as contacts and instant message logs, leaving them accessible to third-party sources, the Android Police claimed.

"Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but completely unencrypted," the Android Police said.

"But how do we find this directory from another app if we don't know the username? Well, Skype stored the username in a static location, we can parse this file, get the username and find the path to Skype's stored data."

In theory, a rogue developer could create an application so when it is installed on a Skype user's Android phone, it will pilfer the data. The Android Police created a proof of concept to test the theory.

"This means that a rogue developer could modify an existing application with code from our proof of concept (without much difficulty), distribute that application on the Market, and just watch as all that private user information pours in," the Android Police added.

"While the exploit can't steal your credit card info, the data it's harvesting is still clearly very private (chat logs linked back to your real name, address, and phone number)."

Skype said it was aware of the issue and was looking at how to protect its users.

"It has been brought to our attention that, were you to install a malicious third-party application onto your Android device, then it could access the locally stored Skype for Android files," said Adrian Asher, chief information security officer at Skype, in a blog post.

"We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application."

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021