If you use Skype a lot on your phone, you might want to update to the latest version or else nefarious elements will be able to bypass your passcode if they receive a call from the app. A 19-year old “bug hunter” from Kosovo discovered this vulnerability to the Android app and immediately reported it to Microsoft. At present, the bug has been fixed already so you have to update to version 8.15.0.416 and above to be safe from this issue.
Florian Kunushevski discovered that if you answer a call from Skype on your device, whoever is holding your phone will be able to view photos, look up contacts, send messages, and open links found in messages to a browser, all without needing to enter your passcode. He initially noticed that there was something weird about the way Skype accessed the files on the handset and so he decided to take a closer look at it.
Once he found the security oversight, he immediately contacted Microsoft to tell them about this security vulnerability. He waited until a patch was issued before going public with this discovery and alerting Skype users. The latest version of the app, released last December 23, has been able to fix the issue and so all you have to do to protect yourself is to make sure you have the latest version on your phone.
There is no official statement from Microsoft regarding this though. They should email all Skype users as not all of them will probably be able to come across news items and so they may be vulnerable to those who would wish to spy on them, albeit in a limited capacity. Still, that is a big risk for users, so hopefully Skype will be emailing all its users so they can update to the latest version.
VIA: The Register
