Skype's Android version allowed users to bypass the OS lock screen

A combination of “poor design and a bug,” according to the problem’s discoverer, allowed an attacker to bypass Android’s lockscreen by answering a Skype call and navigating to other parts of the Android system from there.

A 19-year-old Kosovar bug hunter discovered the issue in Skype in 2018 and reported it to Microsoft in October; the company incorporated a fix into an update to the app around Christmas. Versions 8.15.0.416 and higher contain the fix. Because the discoverer is a white hat, the vulnerability is only now being made public, The Register writes. It is not stated how long the vulnerability was present in the app in total.

Once a Skype call is answered, it is possible from the call screen to access contacts, photos, the browser and, via the browser, other apps on the system. The browser can be reached by simply typing a link into a Skype chat and then clicking it yourself. Various apps can be opened from the browser, because certain addresses can be linked to apps.
