A vulnerability in Skype’s Android app gives criminals the ability to obtain information such as contacts, photos, and internet browser windows by getting through the passcode screen. If someone has access to another person’s phone and they were to receive a Skype call, they would be able to answer it without unlocking the phone. After the call is picked up, they would be able to access private information and send messages if they were to click on the links that were included in the Skype message. The flaw was found by a researcher who discovered an abnormality in the way that the app accessed local files when running VoIP calls. It seems as if this is a human mistake which caused a bug in the coding.
Analyst Notes
Users should download the most recent version of Skype. The vulnerability is a threat to all Android versions of Skype. If users have the Skype app with a version number of 8.15.0.416 or higher they are safe. Be aware when receiving Skype calls if another party has access to the user’s device.
