HomeWinBuzzer NewsSkype Android Allowed Device Access Through Bypassing Lockscreen Security

Skype Android Allowed Device Access Through Bypassing Lockscreen Security

A flaw in Skype coding on Android allowed anyone to access device data by simply answering a call from the lockscreen.

-

is a hugely popular communication tool. Indeed, Skype for Business is the most dominant workplace chat platform. So, to hear that 's app can be used to bypass a smartphone's lock screen and security to enter the device.

It seems the exploit only occurs on , allowing users to access a phone's system without needing a passcode. With access, anyone can see the device's photos, contacts, browse, and see onboard data.

Florian Kunuschevi discovered the flaw and reported it to Microsoft. Anyone with the phone in hand can receive a Skype call, answer it, and then access various areas of the device (photos, contact, messages, and browser) through sent links.

Kunuschevi described how he found the vulnerability:

“One day I got a feeling while using the app that there should be a need to check a part which seems to give me other options than it should. Then I had to change the way of thinking as a regular user into something that I can use for exploitation. For the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. I think to put it all together, humans make mistakes.”

Microsoft received the report during October and released a patch before making an official announcement. It seems the company will keep quiet on the situation, but at least it has been fixed.

Whose Fault is it Anyway?

Perhaps Microsoft's silence stems from the company not really thinking it is at fault. Sure, there was a coding error in Skype that has now been fixed. However, I can't help but ask myself the following question:

If an OS security can be bypassed by bad coding in a third-party app, isn't the OS simply not secure?

Shouldn't Android be more secure against bad coding in an app? It's an interesting thing to consider, not least because it suggests if Microsoft's apps can bypass a lockscreen through bad coding, then any app could do it.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News