You Are Here: Home » Industry News » Skype for Android Enables Lock Screen Bypass, according to XDA-Developers member Pulser

Skype for Android Enables Lock Screen Bypass, according to XDA-Developers member Pulser

A security flaw in the popular Skype for Android app can be abused to bypass the phone’s lock screen and allow unauthorized full access to the targeted device.

 “The Skype for Android application appears to have a bug which permits the Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed relatively easily, if the device is logged into Skype, and the ‘attacker’ is able to call the ‘victim’ on Skype,” XDA-Developers member Pulser writes in a blogpost on the Full Disclosure mailing lists.

Pulser tested the bug with the 3.2.0.6673 version of Skype launched July 1st and he confirmed it to work on various smart handsets, including Sony Xperia Z, Samsung Galaxy Note 2 and Huawei Premia 4G.

To simulate an attack, Pulser used two Android devices with a configured Skype account on each. One device needed an Android lock screen up and running.

He used one device to call the second device via Skype, prompting the second device to display a dialogue on its screen to answer or reject the call. The second device accepts the call and the first one hangs up. The second device will display the lock screen.

The moment the second device is turned off with the power key and turned back on, the lock screen should be bypassed. According to Pulser, the screen lock remains bypassed until the device is rebooted.

The news came immediately after the company released Skype for Android version 4.0 to mark the 100-million users milestone with major interface changes and performance enhancements.

In April, a flaw in VoIP App Viber allowed attackers to temporarily unlock victims’ smartphones. The company remedied the issue with a prompt fix.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About The Author

E-Threat Analyst

A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

Number of Entries : 298

Leave a Comment

© 2012 Powered By Bitdefender

x
Loading...
Scroll to top