UPDATED 11:20 EDT / JULY 03 2013


Skype for Android App Vulnerability Allows Lockscreen Bypass

A security researcher has discovered a vulnerability in the Skype for Android application that could allow hackers to bypass the lockscreen function of certain Android phones, allowing them to access devices that fall into their possession.

The vulnerability was disclosed by Pulser, a moderator of the XDA Developers Android forum, who wrote that he’d found the bug in version 3.2.0.6673 of Skype’s Android app. So far, it’s been proven to work on the Samsung Galaxy Note 2, Sony Xperia Z and Huawei’s Premia 4G, all Android phones.

Pulser made his disclosure in a post on the Full Disclosure security forum:

“The Skype for Android application appears to have a bug which permits the Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed relatively easily.”

The good news is that the exploit requires a certain degree of skill to execute. Hackers will need access to two separate devices, each running a Skype account, to bypass the screen lock. For those who can manage this, the hack is fairly simple to initiate by calling the target phone via Skype, which causes it to wake up and display a prompt to answer the call on Skype. Quickly accepting the call on the target phone and then ending the call on the original phone causes the lock screen to pop up on the former (target) device.

From there, all one has to do is turn off the target phone and switch it back on, and the lockscreen will automatically have been bypassed. According to Pulser, the device will then remain unlocked until it’s switched off again.

News of this exploit comes less than 24 hours after Skype rolled out version 4.0 of its Android app, featuring a redesigned user interface that closely resembles native Windows Phone applications with its Metro-style appearance. It’s not clear if the vulnerability also exists on the newly updated app.

Interestingly, the flaw is somewhat similar to a vulnerability that was recently discovered in the rival VoIP application Viber. In that case, all hackers had to do to access the target phone was send it a message while performing a series of actions that took advantage of the way the app handles messages. At around the same time, another lockscreen bypass was discovered by Tech News Daily that affected the so-called “Facebook Phone”, the HTC First. Both of these vulnerabilities have since been patched.

