A security researcher has discovered a new vulnerability in Skype’s Android app that allows hackers holding a locked phone to access the user’s gallery, contacts, and browser. It does so by bypassing the smartphone’s passcode screen.
The vulnerability, which has been addressed in the most recent update of Skype, was discovered by Florian Kunushevci, a 19-year-old bug hunter and an everyday user of Skype. He reported the issue to Microsoft and said the flaw could allow anyone in possession of somebody’s smartphone to receive a Skype call and answer it without unlocking the device. Furthermore, once the call has been picked up, the fraudster can access the gallery, contacts, messaging services, and even the browser.
Florian noticed an irregularity in the way the app accessed local files when it performed VoIP calls, which prompted him to investigate further. While probing into the matter, he found that on answering a Skype call, a number of Android application functions could be reached without having to unlock the device.
An issue of this severity puts at risk a lot of the personal data and sensitive information on users’ phones, as it allows fraudsters to access that data without entering the passcode.
“For the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. I think to put it all together, humans make mistakes,” Kunushevci told The Register.