A worrying vulnerability has been discovered in the Skype Android application, which currently has around 10 million Android users. The discovery was uncovered by the Android Police website team and shows that users’ personal information, including contacts, profile, IM logs, and other information within the Skype app, is open and available for nefarious and malicious apps to steal.
The security flaw, which is due to improper permissions on key files, was first found in the new Video application but was then traced back to the standard version of Skype for Android as well. Watch the video of the vulnerability after the break to see the exploit in action.
Details of the Vulnerability
The information stored by Skype within the files is not only accessible but unencrypted, and could allow a rogue developer to modify an app and harvest your private data. This includes your account information that contains your name, date of birth, cell phone number, and more. The Android Police team has posted a proof-of-concept walkthrough of the dangers this vulnerability brings with it. This vulnerability is particularly concerning because it exposes a wide range of personal data that could be used for identity theft, phishing attacks, or other malicious activities.
The flaw is rooted in the way Skype handles permissions for its data files. Instead of restricting access to these files, Skype has left them open, making it easy for any app with basic file access permissions to read and potentially modify them. This oversight in security practices is alarming, especially for an app as widely used as Skype.
Implications and Recommendations
The implications of this vulnerability are far-reaching. For instance, if a malicious app gains access to your Skype data, it could potentially impersonate you, send messages to your contacts, or even access sensitive conversations. This could lead to significant privacy breaches and potential financial loss if sensitive information is exposed.
To mitigate the risk, users are advised to be cautious about the apps they install on their devices. Only download apps from trusted sources and be wary of apps that request unnecessary permissions. Additionally, it is crucial to keep your apps updated, as developers often release patches to fix security vulnerabilities.
Skype users should also consider using additional security measures such as two-factor authentication (2FA) to add an extra layer of protection to their accounts. While 2FA won’t prevent the data exposure caused by this specific vulnerability, it can help protect your account from unauthorized access.
**The “Skype Mobile for Verizon” version of the app appears unaffected at this time
Source : Android Police
The discovery of this vulnerability in the Skype Android application underscores the importance of robust security practices in app development. Users must remain vigilant and proactive in protecting their personal information. Developers, on the other hand, must prioritize security to prevent such vulnerabilities from occurring in the first place.
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.