A vulnerability is found in Skype on Android version 'Access inside smartphone without entering a path'


by Sam Azgor

Skype of Internet telephone service provided by Microsoft has become a popular service with many users around the world. Skype is also offering an Android version of the application, but the vulnerability of "almost unlocking smartphone locking by simply placing a call on Skype for Android" was reported to Florian , a 19-year-old bug researcher living in Kosovo Kunushevci discovered.

Can not unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass • The Register
https://www.theregister.co.uk/2019/01/03/android_skype_app_unlock/

Kunushevci used Skype for Android on a daily basis, but one day I noticed that there was a way to access files inside the smartphone without having to enter a passcode using Android version Skype. So, Kunushevci who was only 19 years old and acted as a bug hunter, he inquired about the vulnerability of Android version Skype in earnest.

This is a movie that actually shows how Kunushevci touched the vulnerability of the Skype application, accessed the files inside the Android smartphone and browsed.

Skype Android Authentication Bypass


The onscreen Android smartphone that is on the screen is locked.



A Skype call comes in there.



Kunushevci responds to a call ... ....



Tap the part of the name of the other party displayed on the upper left of the screen.



Tap the option to send a message.



Tap "Media" from the message transmission screen ......



I could access the media inside the smartphone. By doing so far, Mr. Kunushevci has not unlocked the smartphone and seems to be able to access files inside the smartphone simply by answering Skype calls.



When I enter the URL of Google from the message transmission form ......



Google's search screen opened.



By tapping the menu icon you can also access web services that you can log in with your Google Account.



Kunushevci said, "Everyone makes a mistake," said the bug this time was an application design and coding mistake. This bug was reported to Microsoft in October 2018 before it was made public and has been fixed by upgrading the Android version Skype app on December 23, 2018.

in Mobile,   Software,   Web Service,   Video,   Security, Posted by log1h_ik