Looks like Skype for the Android platform has a serious flaw – or
vulnerability – waiting to be exploited. Apparently, this flaw can
potentially allow anyone on any platform using Skype to tap into the
Android user’s phone’s camera and mic. For more on this, read on after
the jump.
There are a vast majority of Android smartphone users out there in
the world today, and a lot of them count on Skype for video or just
audio calling using their phones. Essentially, all these users are
vulnerable to a rather serious flaw.
Here’s how it goes down. If you’re getting a call on Skype on your
Android device and the line is dropped before connecting for reasons
other than being rejected by the receiver or cancelled by the caller,
Skype at the receiver’s end – that is the Android phone – will
automatically dial back to the caller, activating the camera, and the
mic. Bet Sam Fisher from Splinter Cell would have really found this
cool.
Here’s a step-by-step run down to re-create this flaw and check it
out yourself. It is important to note that even though the issue has
been reported in from Android users only, not all have experienced this.
Step 1: Have two devices sign into different Skype IDs. One of the devices should be an Android.
Step 2: With Android being the target, make a call to the device with your desktop, another Android phone, iPhone, or iPad.
Step 3: Just when the target phone (Android) rings, disconnect the
calling device from the Internet. In case you’re using a phone or
tablet, make sure to enter into airplane mode, in case you have data
enabled.
Step 4: You should now get a call back at any time from the Android
phone, and once it does, accept it and well, don’t get any ideas.
You would think Skype is trying to connect a dropped call, but that
would make sense had the call actually been connected. This flaw gives
any random user to call any other random user and spy into their
surroundings. I believe the mic activation is more of a serious concern
than a camera with more of a chance of the phone or tablet of being in a
pocket or a bag.
Apparently Microsoft is aware of this, and is busy patching this up as we speak. Well, Merry Christmas everyone!
(Source: Reddit)
4:41 PM
TDasany
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.
Related Posts