X

Sign in

Sign in to confirm

Have you forgotten your password?

... or login with Facebook:

Don't have an AndroidPIT account yet? Sign up

Skype For Android Lockscreen Bypass

Edwin Kee
5

When it comes to the digital world, you can say that there are no guarantees in terms of security, although certain measures and best practices can be applied to minimize the risk of a security breach. Users who love to Skype over their Android-powered devices might want to take note that there is the very real danger of someone bypassing your Android device’s lockscreen through a security loophole found in Skype for Android.

skype lockscreen bug
Skype for Android security flaw.  / © Skype

 

Apparently, the Skype for Android application does seem to carry with it a bug that will allow the pre-loaded Android lockscreen (via pattern, PIN or password) to be bypassed without too much of a hassle, but if and only if the device happens to remain logged into Skype, while the "attacker" calls the "victim" on Skype.

 

How Is This Security Loophole Reproduced?

You will need a couple of Skype accounts as well as 2 separate devices that will run Skype. The target phone will obviously be presumed to have an Android lockscreen that has been configured and is in use, where it will remain locked at the start of the test.

1. Initiate a Skype call to the target device, which will cause it to wake, ring, and display a prompt on the screen to answer or reject the call

2. Accept the call from the target device using the green answer button on the screen

3. End the call from the initiating device (ie. the device used to call the target phone)

4. The target device will end the call, and should display the lockscreen.

5. Turn off the screen of the target device using the power key, and turn it on again

6. The lockscreen will now be bypassed. It will remain bypassed until the device is rebooted

 

The test was performed with Skype version 3.2.0.6673 (which was released on July 1, 2013) on different Android-powered devices such as the Sony Xperia Z, Samsung Galaxy Note 2, and Huawei Premia 4G.

Granted, it will be a whole lot more difficult in real life for something like this to happen on purpose by someone with malicious intent to gain access to your phone, but the possibility still remains. We do hope that the folks over at Skype and/or Google would be able to issue a fix for this security compromise sooner rather than later. Of course, I guess you can say that this is pretty minor compared to word of an Android Master Key that compromises 99% of all Android-powered devices out there.

Related Topics

From the forum. Join the discussion now!

Related Articles

Magazine / Apps
1 4 weeks ago

Skype update becomes more like WhatsApp (in a good way)

Magazine / Apps
2 2 months ago

Skype Translator: real-time translations in video calls by the end of 2014

Magazine / Apps
0 4 months ago

How to set up a custom contact list on your Android

Comments

Write new comment:
  • Philipp Junghannß (My1) Jul 8, 2013 Link

    OMG I hope this gets fixed as soon as possible...

    0
    0
  • Edwin Kee Jul 8, 2013 Link

    Yup, me too

    0
    0
  • Gio A. Jul 8, 2013 Link

    Thank you microsoft. Even their apps have security issues now. I know programming aint easy but come on really.

    I really do find it incredible how people keep finding these loopholes. Is it by sheer luck or do they really keep diging a lot till they find something because really who would think of this like look at all the steps you would have to take to do this.

    The only big problem I see here would be that the persoon would have to be in your Skype contacts to be able too call you. So in a real world situation no stranger on the street can do this to your phone I would believe.

    0
    0
  • mithun s Jul 8, 2013 Link

    Thats a BIG BUG considering how many members are accessing the skype app in entire world.

    Well, its good that someone found out this kind of issue if Skype people dont have time to it for themselves. lt seems like this is not just only a security issue but could be a usability issue too. It could happen even if you are using the app generally.

    I certainly would not feel good when this happens. May be some people would even think that their phone is compromised and wipe out thier data etc. So, skype is planning to make people panic about android :) Not good skype. Hope they fix this quickly.

    0
    0