A VULNERABILITY in Skype for Android can leak a substantial amount of private data, potentially affecting more than 10 million users of the app.
Android developer Justin Case wrote in Android Police that the hole could allow a rogue developer to modify an existing app and collect private information. Although no credit card information is involved, Skype does keep information in chat logs, as well as the user's name and phone number.
Case said the problem stems from a mistake by Skype that leaves folders in its directory accessible and completely unencrypted. Using a bit of technical know-how, you can access this information from another app.
The files contain quite a bit of private data, including the your "account balance, full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, your webpage, your bio, and more".
Skype also keeps information on your contacts, which "holds similar information, but on friends, family and anyone else in your contact list". Case said that this is more than Skype exposes on other users publicly.
The report also said you can access chat information and instant messages. Skype was unavailable to reply, although it is "investigating".
Case said that the Internet phone and chat company could fix the issue by using proper file permissions and encryption, and performing appropriate security reviews before releasing software.
No comments:
Post a Comment