UPDATED 11:20 EST / JULY 03 2013


Skype for Android App Vulnerability Allows Lockscreen Bypass

A security researcher has discovered a vulnerability in the Skype for Android application that could allow hackers to bypass the lockscreen function of certain Android phones, allowing them to access devices that fall into their possession.

The vulnerability was disclosed by Pulser, a moderator of the XDA Developers Android forum, who wrote that he’d found the bug in version 3.2.0.6673 of Skype’s Android app. So far, it’s been proven to work on the Samsung Galaxy Note 2, Sony Xperia Z and Huawei’s Premia 4G, all Android phones.

Pulser made his disclosure in a post on the Full Disclosure security forum:

“The Skype for Android application appears to have a bug which permits the Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed relatively easily.”

The good news is that the exploit requires a certain degree of skill to execute. Hackers will need to be able to access two separate devices that are each running a Skype account to bypass the screen lock. For those who can manage this, the hack is fairly simple to initiate: calling the target phone via Skype causes it to wake up and display a prompt to answer the call. Quickly accepting the call on the target phone, and then ending the call on the original phone, causes the lock screen to pop up on the target device.

From there, all one has to do is turn off the target phone and switch it back on, and the lockscreen will automatically have been bypassed. According to Pulser, the device will then remain unlocked until it’s switched off again.

News of this exploit comes less than 24 hours after Skype rolled out version 4.0 of its Android app, featuring a redesigned user interface that closely resembles native Windows Phone applications with its Metro-style appearance. It’s not clear if the vulnerability also exists on the newly updated app.

Interestingly, the flaw is somewhat similar to a vulnerability that was recently discovered in the rival VoIP application Viber. In that case, all hackers had to do to access the target phone was send it a message while performing a series of actions that took advantage of the way the app handles messages. At around the same time, another lockscreen bypass was discovered by Tech News Daily that affected the so-called “Facebook Phone”, the HTC First. Both of these vulnerabilities have since been patched.

