Sign in with your corrected sign-in address
Skype sign in problem android for android#
Psst… Did you know Sophos has a free Android security product? You can find out more about Sophos Mobile Security for Android here.įollow on Twitter for the latest computer security news.Some troubleshooting steps are different depending on the type of installation you have. The researcher wasn’t awarded a bug bounty, he said, but he should be getting a mention in Microsoft’s bug-hunter hall of fame, whenever that’s updated.
Skype sign in problem android update#
To protect themselves from the bug, users should update their Skype for Android app if they haven’t already. Kunushevci said the Skype for Android vulnerability probably affects all Android devices using an unpatched Skype version. I think to put it all together, humans make mistakes. Hey, stuff happens when you code, Kunushevci said:įor the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. If you had an iOS 9 or 9.0.1 device with Siri accessible from your lock screen, you were vulnerable regardless of the type or length or your passcode, and regardless of whether you had turned on TouchID. In September 2015, Apple patched a lock screen hole that let anyone view and edit your contacts, send text messages, and rummage through your photos, all without entering a passcode. This is similar to an iOS 9 flaw from a few years ago that let you do the same thing.
Then I had to change the way of thinking as a regular user into something that I can use for exploitation. One day I got a feeling while using the app that there should be a need to check a part which seems to give me other options than it should. That’s when he started investigating to see how it might be exploited: He was just using the Voice-over-IP (VoIP) app when he noticed something odd about how it accessed files on his handset. Kunushevci told The Register that he wasn’t hunting for Skype for Android bugs. A user/attacker/thief/snoop shouldn’t have access to data such as photos and contacts without having gone through authentication via password, PIN, lock-screen pattern, or fingerprint.
Here’s Kunushevci’s proof of concept video: He also discovered that he could send messages from the phone, all without unlocking it. He said in a post on LinkedIn that after he Skyped a target phone, the vulnerability let him view the photos, albums, names and phone numbers in a victim’s contact list, as well as allowing him to access the phone’s browser. It patched the hole for the latest version of Skype, which was issued 23 December. In October, Florian Kunushevci, a 19-year-old bug hunter from Kosovo, reported the Skype for Android security flaw to Microsoft. Need to spy on your spouse? Your employees? That suspect who refuses to unlock his Android? It was easy-peasy up until a few weeks ago: you could have just grabbed their phone, placed a Skype call to it, answered the call, then poked around, no passcode needed.