Saturday, April 16, 2011

Skype for Android security hole exposes user profile, messages, more

Skype posted a warning on Friday, indicating that their Android app has a security vulnerability. Malicious third-party apps can access locally stored Skype files. These files include cached profile information and instant messages.

Android Police appears to be the first to discover the vulnerability. Interestingly, it appears that the vulnerability is not present in the Verizon version that Skype produced for that carrier, just in the normal app in the Android Market.

For this to be exploited, however, a user has to download a malicious app. Thus, it's more important than ever that users be careful what apps they download, and perhaps make sure they install a security app on their device, as well.

Skype is working on a fix for the vulnerability. You can watch a video of the exploit below.





No comments: