After discovering that a leaked beta version of the VoIP app was vulnerable to an exploit that offers access to all user data, Android Police tried the same tactic with the widely used Skype for Android, available since October 2010, and saw the same results. The site notes that the Skype Mobile for Verizon app appears to be unaffected, only Skype for Android.
The technical details get a little complicated, but essentially, Skype stores all user data in a folder bearing that user’s name. The database files contained within that folder have incorrect permissions (simply, who/what can access them, and how), and furthermore, they aren’t encrypted. What all of this means is that these files, which contains everything from contacts and profile information to message logs, can be both accessed and read by anyone with minimal trouble.
The issue extends a bit deeper than that as well. If the issue were confined to just what is detailed above, potential intruders would have to have the user’s Skype name. Still not terribly secure, but certainly more manageable. Unfortunately, there is also a way to tease out this information as well. Android Police notes that the big danger here is of a rogue developer releasing a tweaked version of the app — think back to the recent malware debacle on Android Market — that pulls out and transmits private user information.
No comments:
Post a Comment