If you ever use Skype, you’ll know that it has revolutionized how we talk to our friends and family from far away. Video calls and messages have spread to other messaging platforms now, but Skype was the first, which means you’ll probably have the app downloaded on your phone. There is also a good chance that every now and then, you’ll receive a message from one of your Skype contacts that is clearly spam. Yes, Skype is vulnerable to cyber-attack just like any other program, and an independent developer has discovered a frightening new bug in Skype for Android.
Hackers can use Skype calls to break into Android phones
The trick was found by Florian Kunushevci, a 19-year-old bug researcher from Kosovo, and it allows hackers to bypass a user’s lock screen. Kunushevci discovered that the hackers can answer a Skype call without having to unlock the phone. Then, they can access the data held on the phone by clicking on links sent via a Skype message. In this way, the hacker will be able to send messages, open the browser, view photos, and even look up contacts. You can see how the hack works below:
Speaking to The Register about how he discovered the vulnerability, Kunushevci said, “One day I got a feeling while using the app that there should be a need to check a part which seems to give me other options than it should… Then I had to change the way of thinking as a regular user into something that I can use for exploitation… the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding.” The bug allows users to access various features on the device without first checking if the user has been authenticated.
The bad news is that the bug affects Skype on all versions of Android, which means you’ll be vulnerable even if you’re running the latest version of Android. The problem is in the Skype app, rather than the mobile operating system.
The good news, however, is that before Kunushevci published his findings on YouTube, he reported them to Microsoft. This means you won’t have to delete Skype from your phone to protect yourself from this vulnerability. Microsoft released a patch in the December 23 Skype update. If your Android phone is set to automatically update apps, your version of Skype will already have the patch. If you don’t have auto-update on, then you can either download the latest version of Skype or head to the Google Play Store and update it there.