UPDATED 11:20 EST / JULY 03 2013


Skype for Android App Vulnerability Allows Lockscreen Bypass

A security researcher has discovered a vulnerability in the Skype for Android application that could allow hackers to bypass the lockscreen function of certain Android phones, allowing them to access devices that fall into their possession.

The vulnerability was disclosed by Pulser, a moderator of the XDA Developers Android forum, who wrote that he'd found the bug in version 3.2.0.6673 of Skype's Android app. So far, it's been proven to work on the Samsung Galaxy Note 2, Sony Xperia Z and Huawei's Premia 4G, all Android phones.

Pulser made his disclosure in a post on the Full Disclosure security forum:

“The Skype for Android application appears to have a bug which permits the Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed relatively easily.”

The good news is that the exploit requires a certain degree of skill to execute. Hackers will need to be able to access two separate devices that are each running a Skype account to bypass the screen lock. For those who can manage this, the hack is fairly simple to initiate: calling the target phone via Skype causes it to wake up and display a prompt to answer the call. Quickly accepting the call on the target phone and then ending it from the original phone causes the lock screen to pop up on the target device.

From there, all one has to do is turn off the target phone and switch it back on, and the lockscreen will have been bypassed automatically. According to Pulser, the device will then remain unlocked until it's switched off again.

News of this exploit comes less than 24 hours after Skype rolled out version 4.0 of its Android app, featuring a redesigned user interface that closely resembles native Windows Phone applications with its Metro-style appearance. It’s not clear if the vulnerability also exists on the newly updated app.

Interestingly, the flaw is somewhat similar to a vulnerability that was recently discovered in the rival VoIP application Viber. In that case, all hackers had to do to access the target phone was send it a message while performing a series of actions that took advantage of the way the app handles messages. At around the same time, another lockscreen bypass was discovered by Tech News Daily that affected the so-called “Facebook Phone”, the HTC First. Both of these vulnerabilities have since been patched.

