A vulnerability has been discovered in Microsoft’s Android version of Skype. The app reportedly bypasses the phone’s lock code and can give someone access to several apps, including photos, contacts, and even launch browser windows. In simpler terms, one can exploit the Skype app to access data of a user’s phone.
A Kosovo-based bug-hunter Florian Kunushevci shared a video demonstrating that once a Skype call is answered, one can easily send a message, access contacts, check photos, open browser, and get access to several other smartphone application functions regardless of whether your phone is password protected or not.
The researcher asserted, “One day I got a feeling while using the app that there should be a need to check a part which seems to give me other options than it should,” he explained to The Register. “Then I had to change the way of thinking as a regular user into something that I can use for exploitation.” He also said that he was an everyday user of the Skype app and discovered this security flaw.
Watch: Microsoft Surface Book 2 First Look
Furthermore, the researcher reported the security flaw to Microsoft back in October 2018 before making it public, and it was fixed recently on December 23, 2018. Microsoft is yet to give an official statement on this issue. But, users are advised to install the latest version of Skype for Android app. The patch for this security flaw is included in all the Skype app builds with a version number over 18.104.22.1686.