Skype Android Hacked: Data Compromise, Still No Solution?

Posted on 16 April 2011 by author

Here’s an exclusive report from Android Police about a scary vulnerability affecting all users of the Skype Android app. Take note: this exploit applies to every version of the app released since last September. That means if someone had already used this exploit last year, they could have harvested millions of sensitive profile records and sold them on the black market.

To give you a summary, it all comes down to how poor the security of the Skype Android app is. As proof, Justin Case made his own ‘exploit app’ that can harvest not only your telephone number and past chat logs with your buddies, but also your full name, complete address, email address, bio, account balance, etc.

So how does this hack work? It originates from the Skype data directory (something that can easily be accessed without any rooting trick on your device). As you can see from the screenshot, vital files such as main.db, which holds your personal data, have permissions of -rw-rw-rw-, allowing anyone to read and write them. It’s also noticeable that Skype didn’t apply any proper encryption to these files, making it even easier for monkeys to play with them.

Now, all that is needed is the username of the victim, something that’s fairly doable, as demonstrated by Justin.

Check out the Skype Android hack video.

So far, Skype is already investigating the issue. Hopefully, they will apply the necessary restrictions and encryption as soon as possible, so that it becomes impossible for someone to hack their app. The last thing users want is to see more spam in their email or a creepy voice message left in their box. You get the picture?
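As an added example (not code from Android Police, Justin Case or Skype), the Python script below shows how a defender could audit an app data directory for files left readable or writable by everyone, like the main.db at -rw-rw-rw- described above, and then tighten them to owner-only. The directory layout and every file name other than main.db are constructed for the demonstration.

```python
import os
import stat
import tempfile

WORLD_BITS = stat.S_IROTH | stat.S_IWOTH  # "other" read/write: the last rw- in -rw-rw-rw-


def audit_world_access(root):
    """Return sorted (relative path, ls-style mode) for files any user may read or write."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & WORLD_BITS:
                findings.append((os.path.relpath(path, root), stat.filemode(st.st_mode)))
    return sorted(findings)


def restrict_to_owner(root):
    """Tighten every flagged file to owner-only read/write (0600); return how many changed."""
    flagged = audit_world_access(root)
    for rel, _mode in flagged:
        os.chmod(os.path.join(root, rel), stat.S_IRUSR | stat.S_IWUSR)
    return len(flagged)


def build_sample_tree():
    """Constructed sample: a stand-in app data directory, not real Skype data."""
    root = tempfile.mkdtemp(prefix="appdata_")
    profile = os.path.join(root, "files", "sample_user")  # hypothetical layout
    os.makedirs(profile)
    for name, mode in (("main.db", 0o666), ("private.db", 0o600)):
        path = os.path.join(profile, name)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, mode)  # chmod after creation so the umask cannot mask the bits
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for rel, mode in audit_world_access(root):
        print(f"{mode}  {rel}")
    print("files tightened:", restrict_to_owner(root))
    print("remaining findings:", audit_world_access(root))
```
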

Note: Cheers to those who don’t use their real name and personal details on their Skype account. Still, the email address you used for Skype registration is caught in the crossfire.


