Researcher Discloses Skype Bug That Allows For Android Authentication Bypass

In the previous year, we reported several glitches and vulnerabilities in iOS 12 that allowed bypassing the passcode lock screen. This time, a similar glitch happened with Android. A researcher has discovered a Skype bug that allowed bypassing Android authentication methods. Exploiting this vulnerability could give an attacker access to explicit user data on the device.

Skype Bug Triggering Android Authentication Bypass

A researcher has recently found a glitch in Skype as disclosed in his LinkedIn post, a Skype bug could allow an attacker to bypass Android authentication and gain access to the devices content.

According to researcher Florian Kunushevci, the vulnerability has allegedly affected all Android devices with Skype installed.

“A new vulnerability that I found on Skype has been fixed that affected millions of Android devices around the world that uses Skype.”

As per his findings, the problem existed because of exploiting the Skype call feature. All it takes for an attacker is to have physical access to the target device and make a Skype call to it. After that, the attacker could access all sensitive data stored in the device including contacts and photos.

Kunushevci has demonstrated the glitch in the video.

Microsoft Has Patched The Bug

According to the researcher, the problem primarily lies at Skype’s end, rather than the Android platform since it has affected all Android devices using Skype. The researcher reported the matter to Microsoft on October 22, 2018, after this discovery. He then received a response from the Microsoft officials the next day. However, it took them a couple of months to release a fix.

Kunushevci confirmed in his post that Microsoft has patched the bug with updates released on December 23, 2018. So, all those with Skype on their Android devices should ensure that they have updated to the latest Skype version.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients