TGS Forum
Hello Guest,

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features.

By joining this community for FREE, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, & many other special features.

Registration is fast, simple & absolutely free, so please, join our community today!
TGS Forum
Hello Guest,

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features.

By joining this community for FREE, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, & many other special features.

Registration is fast, simple & absolutely free, so please, join our community today!
TGS Forum
Would you like to react to this message? Create an account in a few clicks or log in to continue.


 
PortalHomeLatest imagesRegisterLog in

 

 [SERIOUS] A bug in Skype for Android could expose your private data

Go down 
AuthorMessage
Malay Akechan
Administrator
Administrator
Malay Akechan


Points : 676
Posts : 244
Join date : 2011-04-04
Location : Muzaffarpur, New Delhi
OS Used : Windows 7 & XP
Mobile : Nokia 5233, Samsung Galaxy Tab
Browser : Google Chrome Plus

[SERIOUS] A bug in Skype for Android could expose your private data Empty
PostSubject: [SERIOUS] A bug in Skype for Android could expose your private data   [SERIOUS] A bug in Skype for Android could expose your private data Icon_minitimeSun Apr 17, 2011 8:51 pm

After dismantling a recently leaked version of Skype for Android, Android Police has discovered a vulnerability in the software that could put users' account balances, names, dates of birth, location information, phone numbers, email addresses, bios, and more at risk.

To test the vulnerability, Android Police wrote a rogue app that could collect user information without special permissions or rooting. It turns out that it's not just the leaked beta; according to the blog, the issue exists in the standard version of Skype Mobile for Android—though not Skype Mobile for Verizon—affecting the 10 million users of the app.

In a blog post, Skype acknowledged that users who "install a malicious third-party application" on Android phones could expose locally stored Skype for Android files.
"These files include cached profile information and instant messages. We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application," Skype said.

"We advise users to take care in selecting which applications to download and install onto their device," the company concluded.

The problem stems from Skype's data directory folder, which stores user contacts, profiles, and instant message logs. Apparently the files include improper permissions, which enable anyone with an app to access them. Because the username is stored in a static location, a hacker could conceivably parse the file, retrieve the user name, and follow the path to Skype's stored data.

And there's a lot of data to be found. The accounts table of one file (main.db) houses sensitive user information, including account balance, phone numbers, and email addresses. The contacts table holds similar information, only for your contacts, not to mention all of your Skype instant messages. A rogue developer could theoretically modify an existing app, distribute the app through the Google Marketplace, and harvest the data as it flows in.

To address the issue, Android Police suggests that Skype do three things: employ proper file permissions; implement some kind of encryption; and have mobile apps reviewed for security issues before releasing them publicly.
Last month a privacy advocacy group criticized Skype for failing to address holes in its VoIP service. The issues included easy impersonations, lack of HTTPS protection, and poor audio encoding.



Back to top Go down
http://www.tgsforum.in
 
[SERIOUS] A bug in Skype for Android could expose your private data
Back to top 
Page 1 of 1
 Similar topics
-
» [TRICK] Trick to lock a folder containing private content
» [YOU NEED TO KNOW] ANDROID OS AND ITS VERSIONS..
» [TUTORIAL] ANDROID ON PC !!
» Android Explained
» Android is top smartphone OS in the US, iOS is a close second

Permissions in this forum:You cannot reply to topics in this forum
TGS Forum :: News Section :: Tech News-
Jump to:  
Create a forum | ©phpBB | Free forum support | Report an abuse | Cookies | Forumotion.com